Print server via cups

This commit is contained in:
Florian Zirker 2022-10-01 23:25:04 +02:00
parent 85d6931593
commit c3d87fcfba
4 changed files with 205 additions and 1 deletions

40
print/Dockerfile Normal file
View file

@ -0,0 +1,40 @@
ARG MAINTAINER
FROM debian:bullseye
MAINTAINER $MAINTAINER
# Install Packages (basic tools, cups, basic drivers, HP drivers)
RUN apt-get update \
&& apt-get install -y \
sudo \
whois \
usbutils \
cups \
cups-client \
cups-bsd \
cups-filters \
foomatic-db-compressed-ppds \
printer-driver-all \
openprinting-ppds \
hpijs-ppds \
hp-ppd \
hplip \
smbclient \
printer-driver-cups-pdf \
&& apt-get clean \
&& rm -rf /var/lib/apt/lists/*
# Add user and disable sudo password checking
RUN useradd \
--groups=sudo,lp,lpadmin \
--create-home \
--home-dir=/home/print \
--shell=/bin/bash \
--password=$(mkpasswd print) \
print \
&& sed -i '/%sudo[[:space:]]/ s/ALL[[:space:]]*$/NOPASSWD:ALL/' /etc/sudoers
# Copy the default configuration file
COPY --chown=root:lp cupsd.conf /etc/cups/cupsd.conf
# Default shell
CMD ["/usr/sbin/cupsd", "-f"]

135
print/cupsd.conf Normal file
View file

@ -0,0 +1,135 @@
LogLevel warn
PageLogFormat
MaxLogSize 0
ErrorPolicy retry-job
# Allow remote access
Port 631
Listen /run/cups/cups.sock
# Share local printers on the local network.
Browsing On
BrowseLocalProtocols dnssd
DefaultAuthType Basic
WebInterface Yes
DefaultEncryption IfRequested
<Location />
# Allow shared printing and remote administration...
Order allow,deny
Allow all
</Location>
<Location /admin>
# Allow remote administration...
Order allow,deny
Allow all
</Location>
<Location /admin/conf>
AuthType Default
Require user @SYSTEM
# Allow remote access to the configuration files...
Order allow,deny
Allow all
</Location>
<Location /admin/log>
AuthType Default
Require user @SYSTEM
# Allow remote access to the log files...
Order allow,deny
Allow all
</Location>
<Policy default>
JobPrivateAccess default
JobPrivateValues default
SubscriptionPrivateAccess default
SubscriptionPrivateValues default
<Limit Create-Job Print-Job Print-URI Validate-Job>
Order deny,allow
</Limit>
<Limit Send-Document Send-URI Hold-Job Release-Job Restart-Job Purge-Jobs Set-Job-Attributes Create-Job-Subscription Renew-Subscription Cancel-Subscription Get-Notifications Reprocess-Job Cancel-Current-Job Suspend-Current-Job Resume-Job Cancel-My-Jobs Close-Job CUPS-Move-Job CUPS-Get-Document>
Require user @OWNER @SYSTEM
Order deny,allow
</Limit>
<Limit CUPS-Add-Modify-Printer CUPS-Delete-Printer CUPS-Add-Modify-Class CUPS-Delete-Class CUPS-Set-Default CUPS-Get-Devices>
AuthType Default
Require user @SYSTEM
Order deny,allow
</Limit>
<Limit Pause-Printer Resume-Printer Enable-Printer Disable-Printer Pause-Printer-After-Current-Job Hold-New-Jobs Release-Held-New-Jobs Deactivate-Printer Activate-Printer Restart-Printer Shutdown-Printer Startup-Printer Promote-Job Schedule-Job-After Cancel-Jobs CUPS-Accept-Jobs CUPS-Reject-Jobs>
AuthType Default
Require user @SYSTEM
Order deny,allow
</Limit>
<Limit Cancel-Job CUPS-Authenticate-Job>
Require user @OWNER @SYSTEM
Order deny,allow
</Limit>
<Limit All>
Order deny,allow
</Limit>
</Policy>
<Policy authenticated>
JobPrivateAccess default
JobPrivateValues default
SubscriptionPrivateAccess default
SubscriptionPrivateValues default
<Limit Create-Job Print-Job Print-URI Validate-Job>
AuthType Default
Order deny,allow
</Limit>
<Limit Send-Document Send-URI Hold-Job Release-Job Restart-Job Purge-Jobs Set-Job-Attributes Create-Job-Subscription Renew-Subscription Cancel-Subscription Get-Notifications Reprocess-Job Cancel-Current-Job Suspend-Current-Job Resume-Job Cancel-My-Jobs Close-Job CUPS-Move-Job CUPS-Get-Document>
AuthType Default
Require user @OWNER @SYSTEM
Order deny,allow
</Limit>
<Limit CUPS-Add-Modify-Printer CUPS-Delete-Printer CUPS-Add-Modify-Class CUPS-Delete-Class CUPS-Set-Default>
AuthType Default
Require user @SYSTEM
Order deny,allow
</Limit>
<Limit Pause-Printer Resume-Printer Enable-Printer Disable-Printer Pause-Printer-After-Current-Job Hold-New-Jobs Release-Held-New-Jobs Deactivate-Printer Activate-Printer Restart-Printer Shutdown-Printer Startup-Printer Promote-Job Schedule-Job-After Cancel-Jobs CUPS-Accept-Jobs CUPS-Reject-Jobs>
AuthType Default
Require user @SYSTEM
Order deny,allow
</Limit>
<Limit Cancel-Job CUPS-Authenticate-Job>
AuthType Default
Require user @OWNER @SYSTEM
Order deny,allow
</Limit>
<Limit All>
Order deny,allow
</Limit>
</Policy>
<Policy kerberos>
JobPrivateAccess default
JobPrivateValues default
SubscriptionPrivateAccess default
SubscriptionPrivateValues default
<Limit Create-Job Print-Job Print-URI Validate-Job>
AuthType Negotiate
Order deny,allow
</Limit>
<Limit Send-Document Send-URI Hold-Job Release-Job Restart-Job Purge-Jobs Set-Job-Attributes Create-Job-Subscription Renew-Subscription Cancel-Subscription Get-Notifications Reprocess-Job Cancel-Current-Job Suspend-Current-Job Resume-Job Cancel-My-Jobs Close-Job CUPS-Move-Job CUPS-Get-Document>
AuthType Negotiate
Require user @OWNER @SYSTEM
Order deny,allow
</Limit>
<Limit CUPS-Add-Modify-Printer CUPS-Delete-Printer CUPS-Add-Modify-Class CUPS-Delete-Class CUPS-Set-Default>
AuthType Default
Require user @SYSTEM
Order deny,allow
</Limit>
<Limit Pause-Printer Resume-Printer Enable-Printer Disable-Printer Pause-Printer-After-Current-Job Hold-New-Jobs Release-Held-New-Jobs Deactivate-Printer Activate-Printer Restart-Printer Shutdown-Printer Startup-Printer Promote-Job Schedule-Job-After Cancel-Jobs CUPS-Accept-Jobs CUPS-Reject-Jobs>
AuthType Default
Require user @SYSTEM
Order deny,allow
</Limit>
<Limit Cancel-Job CUPS-Authenticate-Job>
AuthType Negotiate
Require user @OWNER @SYSTEM
Order deny,allow
</Limit>
<Limit All>
Order deny,allow
</Limit>
</Policy>
ServerAlias *

29
print/docker-compose.yaml Normal file
View file

@ -0,0 +1,29 @@
version: "3.3"
services:
cups:
image: olbat/cupsd
volumes:
- /var/run/dbus:/var/run/dbus
- ${VOLUMES_PATH}/cups:/etc/cups
devices:
- /dev/usblp0
privileged: true
network_mode: host
# networks:
# - web
# ports:
# - 631:631
labels:
- "traefik.enable=true"
- "traefik.http.routers.cups.rule=Host(`print.${DOMAIN}`)"
- "traefik.http.routers.cups.entrypoints=web"
- "traefik.http.services.cups.loadbalancer.server.port=631"
- "docker.group=print"
restart: unless-stopped
networks:
web:
external: true

View file

@ -13,4 +13,4 @@ up dashboard;
up download; up download;
up portainer; up portainer;
up torrent; up torrent;
up print;