Compare commits
5 Commits
f43d3d514f
...
6fa46da763
Author | SHA1 | Date | |
---|---|---|---|
6fa46da763 | |||
c6eeb14cfc | |||
e321ce0809 | |||
1ba8e6a78c | |||
f0ed5efe7f |
24
README.md
24
README.md
@ -1,27 +1,23 @@
|
||||
# Printscan server
|
||||
## Version 2
|
||||
## Version 3
|
||||
|
||||
This repository contains files used to set up our printscan server on a freshly installed Armbian. Confirmed to work
|
||||
with Buster.
|
||||
This repository contains files used to set up our printscan server on a freshly installed Armbian. Target is Bullseye.
|
||||
|
||||
### Introduction
|
||||
(see wiki for need and concept explanation)
|
||||
|
||||
Version 2 implementation works roughly as follows:
|
||||
Version 3 implementation works roughly as follows:
|
||||
##### SBC
|
||||
* the Armbian-based device is connected to local network, and an all-in-one printer is connected to it via USB;
|
||||
* SANE and CUPS services are installed and running on the device;
|
||||
* CUPS is configured to provide a remote printer to network;
|
||||
* SANE is configured for local use only (default behaviour);
|
||||
* An headless X server is activable via [noVNC](https://github.com/novnc/noVNC);
|
||||
* This X session presents [Simple Scan](https://github.com/GNOME/simple-scan) tool, allowing users to perform scans;
|
||||
* The resulted document is automatically uploaded to Kloud, in a temporary directory;
|
||||
* Every night, the directory from previous day is removed from Kloud.
|
||||
* SANE is configured to provide network scan to a specific host only.
|
||||
|
||||
##### Applicative container
|
||||
* this specific host is an applicative container running [scanservjs](https://github.com/sbs20/scanservjs);
|
||||
* it is configured to use the scanner provided by the SBC.
|
||||
|
||||
### Files
|
||||
Files in this repository only cover the SBC setup.
|
||||
#### Installation
|
||||
* `setup.sh` is a script automating the installation and configuration of required software
|
||||
#### Run
|
||||
* `novnc.service`, `vnc.socket` and `vnc@.service` manage the headless X session
|
||||
* `scan.mount` configures a tmpfs at boot where to store scanned documents before they're sent to Kloud
|
||||
* `scan-to-cloud.{sh,service,path}` trigger and manage the upload to Kloud
|
||||
* `clean-cloud.{sh,service,timer}` trigger and manage the removal of previous directory from Kloud
|
||||
|
@ -1,7 +0,0 @@
|
||||
[Unit]
|
||||
Description=Clean remote dropbox
|
||||
|
||||
[Service]
|
||||
User=scan
|
||||
Type=oneshot
|
||||
ExecStart=/home/scan/.sync/clean-cloud.sh
|
@ -1,25 +0,0 @@
|
||||
#!/bin/bash
|
||||
|
||||
# The purpose of this script is to automatically empty our remote sandbox.
|
||||
# This script is not to be run as root, rather as the user responsible for scanning.
|
||||
|
||||
# Only run if the user is not root
|
||||
if [[ $USER = 'root' ]] ; then
|
||||
echo "You must not run this script as root!"
|
||||
exit 1
|
||||
fi
|
||||
|
||||
# Set parameters
|
||||
remote_path='https://cloud.kto.black/remote.php/webdav/Scans'
|
||||
remote_user='scan'
|
||||
remote_passwd='rB2TgFpNXk3BbZ44'
|
||||
subdirectories_prefix='scans'
|
||||
|
||||
yesterday=$(date -d "-1 days" +"%Y%m%d")
|
||||
today=$(date +"%Y%m%d")
|
||||
|
||||
curl -s -u $remote_user:$remote_passwd -X DELETE $remote_path/$subdirectories_prefix-$yesterday
|
||||
curl -s -u $remote_user:$remote_passwd -X MKCOL $remote_path/$subdirectories_prefix-$today
|
||||
|
||||
echo "Cleaning done."
|
||||
exit 0
|
@ -1,9 +0,0 @@
|
||||
[Unit]
|
||||
Description=Run clean-cloud regularly
|
||||
|
||||
[Timer]
|
||||
OnCalendar=*-*-* 02:00:00
|
||||
Persistent=true
|
||||
|
||||
[Install]
|
||||
WantedBy=timers.target
|
@ -1,10 +0,0 @@
|
||||
[Unit]
|
||||
Description=noVNC proxy with Websockify
|
||||
|
||||
[Service]
|
||||
User=scan
|
||||
Type=simple
|
||||
ExecStart=/usr/bin/websockify --ssl-only --cert /etc/ssl/cert.crt --key /etc/ssl/cert.key --web /usr/share/novnc 8080 localhost:5900
|
||||
|
||||
[Install]
|
||||
WantedBy=default.target
|
@ -1,8 +0,0 @@
|
||||
[Unit]
|
||||
Description=Run scan-to-cloud when a new document is scanned
|
||||
|
||||
[Path]
|
||||
DirectoryNotEmpty=/scan
|
||||
|
||||
[Install]
|
||||
WantedBy=paths.target
|
@ -1,7 +0,0 @@
|
||||
[Unit]
|
||||
Description=Upload scanned document to dropbox
|
||||
|
||||
[Service]
|
||||
User=scan
|
||||
Type=oneshot
|
||||
ExecStart=/home/scan/.sync/scan-to-cloud.sh
|
@ -1,33 +0,0 @@
|
||||
#!/bin/bash
|
||||
|
||||
# The purpose of this script is to automaticaly upload scanned documents to a remote dropbox.
|
||||
# This script is not to be run as root, rather as the user responsible for scanning.
|
||||
|
||||
# Only run if the user is not root
|
||||
if [[ $USER = 'root' ]] ; then
|
||||
echo "You must not run this script as root!"
|
||||
exit 1
|
||||
fi
|
||||
|
||||
# Set parameters
|
||||
scan_directory='/scan'
|
||||
remote_path='https://cloud.kto.black/remote.php/webdav/Scans'
|
||||
remote_user='scan'
|
||||
remote_passwd='rB2TgFpNXk3BbZ44'
|
||||
subdirectories_prefix='scans'
|
||||
|
||||
today=$(date +"%Y%m%d")
|
||||
|
||||
# The script is executed a bit too early, so we need to wait a few seconds.
|
||||
sleep 5s
|
||||
|
||||
for filename in $scan_directory/*; do
|
||||
#echo "Creating today's directory..." # I'd like to remove these 2 lines
|
||||
#curl -s -u $remote_user:$remote_passwd -X MKCOL $remote_path/$subdirectories_prefix-$today
|
||||
echo "Uploading $filename..."
|
||||
curl -s -u $remote_user:$remote_passwd -T "$filename" $remote_path/$subdirectories_prefix-$today/
|
||||
rm "$filename"
|
||||
done
|
||||
|
||||
echo "Upload done."
|
||||
exit 0
|
11
scan.mount
11
scan.mount
@ -1,11 +0,0 @@
|
||||
[Unit]
|
||||
Description=tmpfs for scanned documents
|
||||
|
||||
[Mount]
|
||||
What=tmpfs
|
||||
Where=/scan
|
||||
Type=tmpfs
|
||||
Options=noatime,uid=1001,gid=1001
|
||||
|
||||
[Install]
|
||||
WantedBy=default.target
|
56
setup.sh
56
setup.sh
@ -23,15 +23,14 @@ install_packages() {
|
||||
sed -i -e "s/$deb_apt_default_repo/$deb_apt_repo/g" /etc/apt/sources.list
|
||||
apt update
|
||||
apt upgrade -y
|
||||
apt install -y vim tree tmux neofetch simple-scan sane hplip novnc x11vnc xvfb xinit libglib2.0-bin dbus-x11
|
||||
apt install -y vim tree tmux neofetch sane sane-utils hplip
|
||||
}
|
||||
|
||||
add_users() {
|
||||
echo "Adding users"
|
||||
useradd -U -G sudo,lpadmin -m -s /bin/bash $user
|
||||
chmod 700 /home/$user
|
||||
useradd -U -G scanner,lp -m -s /sbin/nologin $scan_user
|
||||
chmod 700 /home/$scan_user
|
||||
usermod -a -G lp saned
|
||||
}
|
||||
|
||||
get_conf() {
|
||||
@ -45,30 +44,10 @@ get_conf() {
|
||||
|
||||
set_conf() {
|
||||
echo "Setting configuration"
|
||||
sudo -H -u $user chmod uo+x $sync_directory_path/clean-cloud.sh $sync_directory_path/scan-to-cloud.sh
|
||||
ln -s $sync_directory_path/conf-sync-server.timer $systemd_units_path/conf-sync.timer
|
||||
ln -s $sync_directory_path/*.service $systemd_units_path/
|
||||
ln -s $sync_directory_path/*.timer $systemd_units_path/
|
||||
ln -s $sync_directory_path/*.socket $systemd_units_path/
|
||||
ln -s $sync_directory_path/*.mount $systemd_units_path/
|
||||
ln -s $sync_directory_path/*.path $systemd_units_path/
|
||||
systemctl daemon-reload
|
||||
systemctl enable novnc.service vnc.socket conf-sync.timer clean-cloud.timer scan.mount #scan-to-cloud.path
|
||||
}
|
||||
|
||||
set_scan_conf() {
|
||||
echo "Setting scan configuration"
|
||||
sudo -H -u $scan_user sh -c "echo 'simple-scan' > $scan_user_home_directory/.xinitrc" # TODO this should be done another way
|
||||
touch $passwd_file
|
||||
chown $scan_user:$scan_user $passwd_file
|
||||
sudo -H -u $scan_user x11vnc -storepasswd $vnc_passwd $passwd_file
|
||||
touch $x11vnc_logfile
|
||||
chown $scan_user:$scan_user $x11vnc_logfile
|
||||
mkdir $scan_tmpfs
|
||||
chown $scan_user:$scan_user $scan_tmpfs
|
||||
sudo -H -u $scan_user gsettings set org.gnome.SimpleScan paper-height 2970 # those don't work
|
||||
sudo -H -u $scan_user gsettings set org.gnome.SimpleScan paper-width 2100
|
||||
sudo -H -u $scan_user gsettings set org.gnome.SimpleScan save-directory $scan_tmpfs
|
||||
cp $novnc_webroot/vnc.html $novnc_webroot/index.html
|
||||
systemctl enable conf-sync.timer
|
||||
}
|
||||
|
||||
set_cups_conf() {
|
||||
@ -77,6 +56,11 @@ set_cups_conf() {
|
||||
ln -s $sync_directory_path/cupsd.conf $cups_conf_path/cupsd.conf
|
||||
}
|
||||
|
||||
set_sane_conf() {
|
||||
echo $printscan_container_ip >> /etc/sane.d/saned.conf
|
||||
systemctl enable saned.socket
|
||||
}
|
||||
|
||||
rcs_links() {
|
||||
echo "Linking rcs"
|
||||
rm /home/$user/.bashrc
|
||||
@ -85,6 +69,8 @@ rcs_links() {
|
||||
ln -s /home/$user/.bashrc /root/.bashrc
|
||||
sudo -H -u $user ln -s $sync_directory_path/vimrc /home/$user/.vimrc
|
||||
ln -s /home/$user/.vimrc /root/.vimrc
|
||||
sudo -H -u $user ln -s $sync_directory_path/tmux.conf /home/$user/.tmux.conf
|
||||
ln -s /home/$user/.tmux.conf /root/.tmux.conf
|
||||
}
|
||||
|
||||
ssh_pubkey() {
|
||||
@ -94,12 +80,6 @@ ssh_pubkey() {
|
||||
sudo -H -u $user mv /home/$user/.ssh/$remote_pubkey /home/$user/.ssh/authorized_keys
|
||||
}
|
||||
|
||||
tls_cert() {
|
||||
echo "Generating TLS certificate"
|
||||
openssl req -newkey rsa:4096 -x509 -sha256 -days 999 -nodes -out $tls_directory/$cert -keyout $tls_directory/$cert_key -subj "/C=/ST=/L=/O=/OU=/CN="
|
||||
chmod o+r $tls_directory/$cert_key
|
||||
}
|
||||
|
||||
# Only run if the user is root
|
||||
if [[ $USER != 'root' ]] ; then
|
||||
echo "You must run this script as root!"
|
||||
@ -122,16 +102,9 @@ scan_user_home_directory="/home/$scan_user"
|
||||
sync_directory_path="/home/$user/.sync"
|
||||
systemd_units_path='/etc/systemd/system'
|
||||
cups_conf_path='/etc/cups'
|
||||
vnc_passwd='windows'
|
||||
passwd_file='/etc/passwdd'
|
||||
x11vnc_logfile='/var/log/x11vnc.log'
|
||||
scan_tmpfs='/scan'
|
||||
novnc_webroot='/usr/share/novnc'
|
||||
printscan_container_ip='192.168.0.91'
|
||||
remote_pubkey_location='https://keys.kto.black'
|
||||
remote_pubkey='home.pub'
|
||||
tls_directory='/etc/ssl/'
|
||||
cert='cert.crt'
|
||||
cert_key='cert.key'
|
||||
|
||||
# Main process
|
||||
# You should comment below what you do not want to happen
|
||||
@ -140,18 +113,17 @@ install_packages
|
||||
add_users
|
||||
get_conf
|
||||
set_conf
|
||||
set_scan_conf
|
||||
set_cups_conf
|
||||
set_sane_conf
|
||||
rcs_links
|
||||
ssh_pubkey
|
||||
tls_cert
|
||||
|
||||
echo ""
|
||||
echo "We're all good here!"
|
||||
echo "You should now:"
|
||||
echo "* set $user's password"
|
||||
echo "* lock root account"
|
||||
echo "* remove setup.sh"
|
||||
echo "* remove setup.sh and conf-sync.sh"
|
||||
echo "* reboot the SBC"
|
||||
echo "And perhaps:"
|
||||
echo "* connect to http://$hostname:631/ and add a printer"
|
||||
|
10
vnc.socket
10
vnc.socket
@ -1,10 +0,0 @@
|
||||
[Unit]
|
||||
Description=VNC incoming socket
|
||||
|
||||
[Socket]
|
||||
ListenStream=127.0.0.1:5900
|
||||
Accept=yes
|
||||
MaxConnections=5
|
||||
|
||||
[Install]
|
||||
WantedBy=sockets.target
|
14
vnc@.service
14
vnc@.service
@ -1,14 +0,0 @@
|
||||
# VNC password should be set in /etc/passwdd
|
||||
# TODO we still need to handle session termination
|
||||
|
||||
[Unit]
|
||||
Description=Specific x11vnc session
|
||||
OnFailure=scan-to-cloud.service
|
||||
|
||||
[Service]
|
||||
User=scan
|
||||
Type=simple
|
||||
ExecStart=/usr/bin/x11vnc -once -create -localhost -inetd -bg -o /var/log/x11vnc.log -rfbauth /etc/passwdd
|
||||
#ExecStop=/usr/bin/x11vnc -R stop # TODO test that, unless it prevents OnFailure from working
|
||||
StandardInput=socket
|
||||
StandardError=syslog
|
Loading…
Reference in New Issue
Block a user