Compare commits

...

3 commits

6 changed files with 209 additions and 3 deletions

40
print/Dockerfile Normal file
View file

@ -0,0 +1,40 @@
ARG MAINTAINER
FROM debian:bullseye
MAINTAINER $MAINTAINER
# Install Packages (basic tools, cups, basic drivers, HP drivers)
RUN apt-get update \
&& apt-get install -y \
sudo \
whois \
usbutils \
cups \
cups-client \
cups-bsd \
cups-filters \
foomatic-db-compressed-ppds \
printer-driver-all \
openprinting-ppds \
hpijs-ppds \
hp-ppd \
hplip \
smbclient \
printer-driver-cups-pdf \
&& apt-get clean \
&& rm -rf /var/lib/apt/lists/*
# Add user and disable sudo password checking
RUN useradd \
--groups=sudo,lp,lpadmin \
--create-home \
--home-dir=/home/print \
--shell=/bin/bash \
--password=$(mkpasswd print) \
print \
&& sed -i '/%sudo[[:space:]]/ s/ALL[[:space:]]*$/NOPASSWD:ALL/' /etc/sudoers
# Copy the default configuration file
COPY --chown=root:lp cupsd.conf /etc/cups/cupsd.conf
# Default shell
CMD ["/usr/sbin/cupsd", "-f"]

135
print/cupsd.conf Normal file
View file

@ -0,0 +1,135 @@
LogLevel warn
PageLogFormat
MaxLogSize 0
ErrorPolicy retry-job
# Allow remote access
Port 631
Listen /run/cups/cups.sock
# Share local printers on the local network.
Browsing On
BrowseLocalProtocols dnssd
DefaultAuthType Basic
WebInterface Yes
DefaultEncryption IfRequested
<Location />
# Allow shared printing and remote administration...
Order allow,deny
Allow all
</Location>
<Location /admin>
# Allow remote administration...
Order allow,deny
Allow all
</Location>
<Location /admin/conf>
AuthType Default
Require user @SYSTEM
# Allow remote access to the configuration files...
Order allow,deny
Allow all
</Location>
<Location /admin/log>
AuthType Default
Require user @SYSTEM
# Allow remote access to the log files...
Order allow,deny
Allow all
</Location>
<Policy default>
JobPrivateAccess default
JobPrivateValues default
SubscriptionPrivateAccess default
SubscriptionPrivateValues default
<Limit Create-Job Print-Job Print-URI Validate-Job>
Order deny,allow
</Limit>
<Limit Send-Document Send-URI Hold-Job Release-Job Restart-Job Purge-Jobs Set-Job-Attributes Create-Job-Subscription Renew-Subscription Cancel-Subscription Get-Notifications Reprocess-Job Cancel-Current-Job Suspend-Current-Job Resume-Job Cancel-My-Jobs Close-Job CUPS-Move-Job CUPS-Get-Document>
Require user @OWNER @SYSTEM
Order deny,allow
</Limit>
<Limit CUPS-Add-Modify-Printer CUPS-Delete-Printer CUPS-Add-Modify-Class CUPS-Delete-Class CUPS-Set-Default CUPS-Get-Devices>
AuthType Default
Require user @SYSTEM
Order deny,allow
</Limit>
<Limit Pause-Printer Resume-Printer Enable-Printer Disable-Printer Pause-Printer-After-Current-Job Hold-New-Jobs Release-Held-New-Jobs Deactivate-Printer Activate-Printer Restart-Printer Shutdown-Printer Startup-Printer Promote-Job Schedule-Job-After Cancel-Jobs CUPS-Accept-Jobs CUPS-Reject-Jobs>
AuthType Default
Require user @SYSTEM
Order deny,allow
</Limit>
<Limit Cancel-Job CUPS-Authenticate-Job>
Require user @OWNER @SYSTEM
Order deny,allow
</Limit>
<Limit All>
Order deny,allow
</Limit>
</Policy>
<Policy authenticated>
JobPrivateAccess default
JobPrivateValues default
SubscriptionPrivateAccess default
SubscriptionPrivateValues default
<Limit Create-Job Print-Job Print-URI Validate-Job>
AuthType Default
Order deny,allow
</Limit>
<Limit Send-Document Send-URI Hold-Job Release-Job Restart-Job Purge-Jobs Set-Job-Attributes Create-Job-Subscription Renew-Subscription Cancel-Subscription Get-Notifications Reprocess-Job Cancel-Current-Job Suspend-Current-Job Resume-Job Cancel-My-Jobs Close-Job CUPS-Move-Job CUPS-Get-Document>
AuthType Default
Require user @OWNER @SYSTEM
Order deny,allow
</Limit>
<Limit CUPS-Add-Modify-Printer CUPS-Delete-Printer CUPS-Add-Modify-Class CUPS-Delete-Class CUPS-Set-Default>
AuthType Default
Require user @SYSTEM
Order deny,allow
</Limit>
<Limit Pause-Printer Resume-Printer Enable-Printer Disable-Printer Pause-Printer-After-Current-Job Hold-New-Jobs Release-Held-New-Jobs Deactivate-Printer Activate-Printer Restart-Printer Shutdown-Printer Startup-Printer Promote-Job Schedule-Job-After Cancel-Jobs CUPS-Accept-Jobs CUPS-Reject-Jobs>
AuthType Default
Require user @SYSTEM
Order deny,allow
</Limit>
<Limit Cancel-Job CUPS-Authenticate-Job>
AuthType Default
Require user @OWNER @SYSTEM
Order deny,allow
</Limit>
<Limit All>
Order deny,allow
</Limit>
</Policy>
<Policy kerberos>
JobPrivateAccess default
JobPrivateValues default
SubscriptionPrivateAccess default
SubscriptionPrivateValues default
<Limit Create-Job Print-Job Print-URI Validate-Job>
AuthType Negotiate
Order deny,allow
</Limit>
<Limit Send-Document Send-URI Hold-Job Release-Job Restart-Job Purge-Jobs Set-Job-Attributes Create-Job-Subscription Renew-Subscription Cancel-Subscription Get-Notifications Reprocess-Job Cancel-Current-Job Suspend-Current-Job Resume-Job Cancel-My-Jobs Close-Job CUPS-Move-Job CUPS-Get-Document>
AuthType Negotiate
Require user @OWNER @SYSTEM
Order deny,allow
</Limit>
<Limit CUPS-Add-Modify-Printer CUPS-Delete-Printer CUPS-Add-Modify-Class CUPS-Delete-Class CUPS-Set-Default>
AuthType Default
Require user @SYSTEM
Order deny,allow
</Limit>
<Limit Pause-Printer Resume-Printer Enable-Printer Disable-Printer Pause-Printer-After-Current-Job Hold-New-Jobs Release-Held-New-Jobs Deactivate-Printer Activate-Printer Restart-Printer Shutdown-Printer Startup-Printer Promote-Job Schedule-Job-After Cancel-Jobs CUPS-Accept-Jobs CUPS-Reject-Jobs>
AuthType Default
Require user @SYSTEM
Order deny,allow
</Limit>
<Limit Cancel-Job CUPS-Authenticate-Job>
AuthType Negotiate
Require user @OWNER @SYSTEM
Order deny,allow
</Limit>
<Limit All>
Order deny,allow
</Limit>
</Policy>
ServerAlias *

29
print/docker-compose.yaml Normal file
View file

@ -0,0 +1,29 @@
version: "3.3"
services:
cups:
image: olbat/cupsd
volumes:
- /var/run/dbus:/var/run/dbus
- ${VOLUMES_PATH}/cups:/etc/cups
devices:
- /dev/usblp0
privileged: true
network_mode: host
# networks:
# - web
# ports:
# - 631:631
labels:
- "traefik.enable=true"
- "traefik.http.routers.cups.rule=Host(`print.${DOMAIN}`)"
- "traefik.http.routers.cups.entrypoints=web"
- "traefik.http.services.cups.loadbalancer.server.port=631"
- "docker.group=print"
restart: unless-stopped
networks:
web:
external: true

View file

@ -10,8 +10,8 @@ services:
- "443:443"
networks:
- web
- dockersocket
volumes:
- "/var/run/docker.sock:/var/run/docker.sock:ro"
- "$PWD/traefik.yml:/etc/traefik/traefik.yml"
- "$PWD/extraProviders/:/extraProviders:ro"
labels:
@ -22,6 +22,8 @@ services:
- "docker.group=proxy"
extra_hosts:
- host.docker.internal:172.17.0.1
depends_on:
- docker-socket-proxy
docker-socket-proxy:

View file

@ -10,7 +10,7 @@ api:
providers:
docker:
exposedbydefault: false
endpoint: "unix:///var/run/docker.sock"
endpoint: "tcp://docker-socket-proxy:2375"
file:
directory: /extraProviders

View file

@ -13,4 +13,4 @@ up dashboard;
up download;
up portainer;
up torrent;
up print;