From 85d6931593beb60d5a54037bca2405642cdeb018 Mon Sep 17 00:00:00 2001
From: Florian Zirker <florian.zirker@kapsweyer.de>
Date: Mon, 12 Sep 2022 21:42:37 +0200
Subject: [PATCH 1/3] Dockersocket for traefik

---
 proxy/docker-compose.yaml | 2 +-
 proxy/traefik.yml         | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/proxy/docker-compose.yaml b/proxy/docker-compose.yaml
index f8ff06d..682389a 100644
--- a/proxy/docker-compose.yaml
+++ b/proxy/docker-compose.yaml
@@ -10,8 +10,8 @@ services:
       - "443:443"
     networks:
       - web
+      - dockersocket
     volumes:
-      - "/var/run/docker.sock:/var/run/docker.sock:ro"
       - "$PWD/traefik.yml:/etc/traefik/traefik.yml"
       - "$PWD/extraProviders/:/extraProviders:ro"
     labels:
diff --git a/proxy/traefik.yml b/proxy/traefik.yml
index 3c1ff30..587f802 100644
--- a/proxy/traefik.yml
+++ b/proxy/traefik.yml
@@ -10,7 +10,7 @@ api:
 providers:
   docker:
     exposedbydefault: false
-    endpoint: "unix:///var/run/docker.sock"
+    endpoint: "tcp://docker-socket-proxy:2375"
 
   file:
     directory: /extraProviders

From c3d87fcfba2a7f59c27c75e92b2ca8926439b124 Mon Sep 17 00:00:00 2001
From: Florian Zirker <florian.zirker@kapsweyer.de>
Date: Sat, 1 Oct 2022 23:25:04 +0200
Subject: [PATCH 2/3] Print server via cups

---
 print/Dockerfile          |  40 +++++++++++
 print/cupsd.conf          | 135 ++++++++++++++++++++++++++++++++++++++
 print/docker-compose.yaml |  29 ++++++++
 start-all.sh              |   2 +-
 4 files changed, 205 insertions(+), 1 deletion(-)
 create mode 100644 print/Dockerfile
 create mode 100644 print/cupsd.conf
 create mode 100644 print/docker-compose.yaml

diff --git a/print/Dockerfile b/print/Dockerfile
new file mode 100644
index 0000000..1ea1351
--- /dev/null
+++ b/print/Dockerfile
@@ -0,0 +1,40 @@
+ARG MAINTAINER
+FROM debian:bullseye
+MAINTAINER $MAINTAINER
+
+# Install Packages (basic tools, cups, basic drivers, HP drivers)
+RUN apt-get update \
+&& apt-get install -y \
+  sudo \
+  whois \
+  usbutils \
+  cups \
+  cups-client \
+  cups-bsd \
+  cups-filters \
+  foomatic-db-compressed-ppds \
+  printer-driver-all \
+  openprinting-ppds \
+  hpijs-ppds \
+  hp-ppd \
+  hplip \
+  smbclient \
+  printer-driver-cups-pdf \
+&& apt-get clean \
+&& rm -rf /var/lib/apt/lists/*
+
+# Add user and disable sudo password checking
+RUN useradd \
+  --groups=sudo,lp,lpadmin \
+  --create-home \
+  --home-dir=/home/print \
+  --shell=/bin/bash \
+  --password=$(mkpasswd print) \
+  print \
+&& sed -i '/%sudo[[:space:]]/ s/ALL[[:space:]]*$/NOPASSWD:ALL/' /etc/sudoers
+
+# Copy the default configuration file
+COPY --chown=root:lp cupsd.conf /etc/cups/cupsd.conf
+
+# Default shell
+CMD ["/usr/sbin/cupsd", "-f"]
diff --git a/print/cupsd.conf b/print/cupsd.conf
new file mode 100644
index 0000000..a482ccb
--- /dev/null
+++ b/print/cupsd.conf
@@ -0,0 +1,135 @@
+LogLevel warn
+PageLogFormat
+MaxLogSize 0
+ErrorPolicy retry-job
+# Allow remote access
+Port 631
+Listen /run/cups/cups.sock
+# Share local printers on the local network.
+Browsing On
+BrowseLocalProtocols dnssd
+DefaultAuthType Basic
+WebInterface Yes
+DefaultEncryption IfRequested
+<Location />
+  # Allow shared printing and remote administration...
+  Order allow,deny
+  Allow all
+</Location>
+<Location /admin>
+  # Allow remote administration...
+  Order allow,deny
+  Allow all
+</Location>
+<Location /admin/conf>
+  AuthType Default
+  Require user @SYSTEM
+  # Allow remote access to the configuration files...
+  Order allow,deny
+  Allow all
+</Location>
+<Location /admin/log>
+  AuthType Default
+  Require user @SYSTEM
+  # Allow remote access to the log files...
+  Order allow,deny
+  Allow all
+</Location>
+<Policy default>
+  JobPrivateAccess default
+  JobPrivateValues default
+  SubscriptionPrivateAccess default
+  SubscriptionPrivateValues default
+  <Limit Create-Job Print-Job Print-URI Validate-Job>
+    Order deny,allow
+  </Limit>
+  <Limit Send-Document Send-URI Hold-Job Release-Job Restart-Job Purge-Jobs Set-Job-Attributes Create-Job-Subscription Renew-Subscription Cancel-Subscription Get-Notifications Reprocess-Job Cancel-Current-Job Suspend-Current-Job Resume-Job Cancel-My-Jobs Close-Job CUPS-Move-Job CUPS-Get-Document>
+    Require user @OWNER @SYSTEM
+    Order deny,allow
+  </Limit>
+  <Limit CUPS-Add-Modify-Printer CUPS-Delete-Printer CUPS-Add-Modify-Class CUPS-Delete-Class CUPS-Set-Default CUPS-Get-Devices>
+    AuthType Default
+    Require user @SYSTEM
+    Order deny,allow
+  </Limit>
+  <Limit Pause-Printer Resume-Printer Enable-Printer Disable-Printer Pause-Printer-After-Current-Job Hold-New-Jobs Release-Held-New-Jobs Deactivate-Printer Activate-Printer Restart-Printer Shutdown-Printer Startup-Printer Promote-Job Schedule-Job-After Cancel-Jobs CUPS-Accept-Jobs CUPS-Reject-Jobs>
+    AuthType Default
+    Require user @SYSTEM
+    Order deny,allow
+  </Limit>
+  <Limit Cancel-Job CUPS-Authenticate-Job>
+    Require user @OWNER @SYSTEM
+    Order deny,allow
+  </Limit>
+  <Limit All>
+    Order deny,allow
+  </Limit>
+</Policy>
+<Policy authenticated>
+  JobPrivateAccess default
+  JobPrivateValues default
+  SubscriptionPrivateAccess default
+  SubscriptionPrivateValues default
+  <Limit Create-Job Print-Job Print-URI Validate-Job>
+    AuthType Default
+    Order deny,allow
+  </Limit>
+  <Limit Send-Document Send-URI Hold-Job Release-Job Restart-Job Purge-Jobs Set-Job-Attributes Create-Job-Subscription Renew-Subscription Cancel-Subscription Get-Notifications Reprocess-Job Cancel-Current-Job Suspend-Current-Job Resume-Job Cancel-My-Jobs Close-Job CUPS-Move-Job CUPS-Get-Document>
+    AuthType Default
+    Require user @OWNER @SYSTEM
+    Order deny,allow
+  </Limit>
+  <Limit CUPS-Add-Modify-Printer CUPS-Delete-Printer CUPS-Add-Modify-Class CUPS-Delete-Class CUPS-Set-Default>
+    AuthType Default
+    Require user @SYSTEM
+    Order deny,allow
+  </Limit>
+  <Limit Pause-Printer Resume-Printer Enable-Printer Disable-Printer Pause-Printer-After-Current-Job Hold-New-Jobs Release-Held-New-Jobs Deactivate-Printer Activate-Printer Restart-Printer Shutdown-Printer Startup-Printer Promote-Job Schedule-Job-After Cancel-Jobs CUPS-Accept-Jobs CUPS-Reject-Jobs>
+    AuthType Default
+    Require user @SYSTEM
+    Order deny,allow
+  </Limit>
+  <Limit Cancel-Job CUPS-Authenticate-Job>
+    AuthType Default
+    Require user @OWNER @SYSTEM
+    Order deny,allow
+  </Limit>
+  <Limit All>
+    Order deny,allow
+  </Limit>
+</Policy>
+<Policy kerberos>
+  JobPrivateAccess default
+  JobPrivateValues default
+  SubscriptionPrivateAccess default
+  SubscriptionPrivateValues default
+  <Limit Create-Job Print-Job Print-URI Validate-Job>
+    AuthType Negotiate
+    Order deny,allow
+  </Limit>
+  <Limit Send-Document Send-URI Hold-Job Release-Job Restart-Job Purge-Jobs Set-Job-Attributes Create-Job-Subscription Renew-Subscription Cancel-Subscription Get-Notifications Reprocess-Job Cancel-Current-Job Suspend-Current-Job Resume-Job Cancel-My-Jobs Close-Job CUPS-Move-Job CUPS-Get-Document>
+    AuthType Negotiate
+    Require user @OWNER @SYSTEM
+    Order deny,allow
+  </Limit>
+  <Limit CUPS-Add-Modify-Printer CUPS-Delete-Printer CUPS-Add-Modify-Class CUPS-Delete-Class CUPS-Set-Default>
+    AuthType Default
+    Require user @SYSTEM
+    Order deny,allow
+  </Limit>
+  <Limit Pause-Printer Resume-Printer Enable-Printer Disable-Printer Pause-Printer-After-Current-Job Hold-New-Jobs Release-Held-New-Jobs Deactivate-Printer Activate-Printer Restart-Printer Shutdown-Printer Startup-Printer Promote-Job Schedule-Job-After Cancel-Jobs CUPS-Accept-Jobs CUPS-Reject-Jobs>
+    AuthType Default
+    Require user @SYSTEM
+    Order deny,allow
+  </Limit>
+  <Limit Cancel-Job CUPS-Authenticate-Job>
+    AuthType Negotiate
+    Require user @OWNER @SYSTEM
+    Order deny,allow
+  </Limit>
+  <Limit All>
+    Order deny,allow
+  </Limit>
+</Policy>
+
+ServerAlias *
diff --git a/print/docker-compose.yaml b/print/docker-compose.yaml
new file mode 100644
index 0000000..bd1f2e0
--- /dev/null
+++ b/print/docker-compose.yaml
@@ -0,0 +1,29 @@
+version: "3.3"
+
+services:
+
+  cups:
+    image: olbat/cupsd
+    volumes:
+      - /var/run/dbus:/var/run/dbus
+      - ${VOLUMES_PATH}/cups:/etc/cups
+    devices:
+      - /dev/usblp0
+    privileged: true
+    network_mode: host
+#    networks:
+#      - web
+#    ports:
+#      - 631:631
+    labels:
+      - "traefik.enable=true"
+      - "traefik.http.routers.cups.rule=Host(`print.${DOMAIN}`)"
+      - "traefik.http.routers.cups.entrypoints=web"
+      - "traefik.http.services.cups.loadbalancer.server.port=631"
+      - "docker.group=print"
+    restart: unless-stopped
+
+networks:
+  web:
+    external: true
+
diff --git a/start-all.sh b/start-all.sh
index e43afa9..9a8cd65 100755
--- a/start-all.sh
+++ b/start-all.sh
@@ -13,4 +13,4 @@ up dashboard;
 up download;
 up portainer;
 up torrent;
-
+up print;

From ad32fa5866f4eeaba1252f3adb5e1ecf8b112dc5 Mon Sep 17 00:00:00 2001
From: Florian Zirker <florian.zirker@kapsweyer.de>
Date: Sat, 1 Oct 2022 23:27:19 +0200
Subject: [PATCH 3/3] Dependency to dockersocketproxy in proxy config

---
 proxy/docker-compose.yaml | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/proxy/docker-compose.yaml b/proxy/docker-compose.yaml
index 682389a..5ca4c28 100644
--- a/proxy/docker-compose.yaml
+++ b/proxy/docker-compose.yaml
@@ -22,6 +22,8 @@ services:
       - "docker.group=proxy"
     extra_hosts:
       - host.docker.internal:172.17.0.1
+    depends_on:
+      - docker-socket-proxy
 
 
   docker-socket-proxy: