mtan93/homeassistant-addons
1
0
Fork 0
mirror of https://github.com/mtan93/homeassistant-addons.git synced 2026-03-08 05:21:51 +00:00
Code Issues Packages Projects Releases Wiki Activity

Initial add of cups add-on

Browse Source
This commit is contained in:
Max Winterstein
2022-12-18 13:52:53 +01:00
parent e5720e1202
commit 2ee5d49203
16 changed files with 553 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

136
cups/CHANGELOG.md Normal file
View File

@@ -0,0 +1,136 @@
# Changelog
## 2.0.0 -- 18.12.2022
* Changed `init` to `false` to make it at least starting.
---
Original Changelog:
## 1.0.0-alpha.25
- Used documented ingress path header for rewrites, removed JS
## 1.0.0-alpha.24
- Modified Nginx configuration to get the authentication token from JS
## 1.0.0-alpha.23
- Fixed Avahi config to use D-Bus again
- Made Nginx authenticate supervisor requests
- Used container fqdn instead of Home Assistant hostname for certificate filenames
## 1.0.0-alpha.22
- Removed debug log level in CUPS
- Made Avahi wait to be configured before starting
## 1.0.0-alpha.21
- Debug: increased CUPS log level
## 1.0.0-alpha.20
- Removed debugging print statements from run.sh
- Added export statement to http.js
- Mapped Home Assistant hostname into avahi-daemon.conf
- Removed DNSSDHostName key from cupsd.conf (introduced in later version)
## 1.0.0-alpha.19
- Replaced const with var in http.js
- Automatically generated /data/cups on first run
## 1.0.0-alpha.18
- Fixed nginx.conf typo
- Debug: print debugging in run.sh
## 1.0.0-alpha.17
- Persisted all CUPS configuration
- Refreshed all certificates on startup
- Added a CSP on ingress to disable the CUPS frame-blocker
- Rewrote absolute page URLs on ingress to point to the proxied URL
- Redirected printer advertisements to the domain name of the Home Assistant installation
- Disabled mDNS address responses for the container
- Added more default drivers
## 1.0.0-alpha.16
- Flipped order of arguments in ln command
## 1.0.0-alpha.15
- Fixed bug in run.sh caused by a variable in an if statement
## 1.0.0-alpha.14
- Added D-Bus back
- Fixed SSL support for CUPS - new config options
- Added startup dependencies for CUPS and Avahi
## 1.0.0-alpha.13
- Added a delay so CUPS starts after Avahi is up
- Debug: removed IP filter on ingress controller
## 1.0.0-alpha.12
- Attempted to remove D-Bus
## 1.0.0-alpha.11
- Turned off D-Bus support in Avahi
- Created a folder for D-Bus to store its socket
## 1.0.0-alpha.10
- Added a D-Bus daemon into the container directly
## 1.0.0-alpha.9
- Mapped the host D-Bus service into the container
- Added an events section to nginx.conf
## 1.0.0-alpha.8
- Fixed shebang to point to /bin/sh instead of /usr/bin/sh
## 1.0.0-alpha.7
- Normalized line endings to LF
## 1.0.0-alpha.6
- Replaced execlineb with sh
- Removed debug info for ingress
- Added nginx to proxy requests for ingress
## 1.0.0-alpha.5
- Replaced bashio with execlineb in service script
- Added debug info for ingress
## 1.0.0-alpha.4
- Moved this changelog into the correct directory
- Added exec command to run script
- Fixed external hostname mapping
## 1.0.0-alpha.3
- Added this changelog
- Added all configured hostnames to allowlist
- Added avahi-daemon service
## 1.0.0-alpha.2
- Updated link to repository
- Fixed unescaped newlines causing container start to fail in run.sh
## 1.0.0-alpha.1
- Initial release

37
cups/Dockerfile Normal file
View File

@@ -0,0 +1,37 @@
ARG BUILD_FROM
FROM $BUILD_FROM
LABEL io.hass.version="1" io.hass.type="addon" io.hass.arch="armhf|aarch64|i386|amd64"
RUN apt-get update \
&& apt-get install -y --no-install-recommends \
cups \
avahi-daemon \
libnss-mdns \
dbus \
colord \
printer-driver-all \
printer-driver-gutenprint \
openprinting-ppds \
hpijs-ppds \
hp-ppd \
hplip \
printer-driver-foo2zjs \
gnupg2 \
lsb-release \
nano \
samba \
bash-completion \
&& echo "deb http://nginx.org/packages/debian `lsb_release -cs` nginx" \
| tee /etc/apt/sources.list.d/nginx.list \
&& curl -fsSL https://nginx.org/keys/nginx_signing.key | apt-key add - \
&& apt-get update \
&& apt-get install nginx nginx-module-njs \
&& apt-get clean -y \
&& rm -rf /var/lib/apt/lists/*
COPY rootfs /
EXPOSE 631 445 137 139
CMD ["/run.sh"]

10
cups/README.md Normal file
View File

@@ -0,0 +1,10 @@
# Home Assistant Add-on: CUPS Printer server
<a href='https://ko-fi.com/MaxWinterstein' target='_blank'><img height='35' style='border:0px;height:46px;' src='https://az743702.vo.msecnd.net/cdn/kofi3.png?v=0' border='0' alt='Buy Me a Coffee at ko-fi.com'></a>
## Credits
This Add-On is based on the work of https://github.com/Luk164/addon-repository - and just slighty adjusted to make it work. Thanks <3
## Known Issues 🚨
* mDNS is not working, therefore e.g. printeres are not announced via Avahi / Bonjour - see [#128](https://github.com/MaxWinterstein/homeassistant-addons/issues/128)
* Ingress is not working, so I disabled it for now. Please access the Webinterface via port 631, e.g. https://192.168.1.2:631 - see [#129](https://github.com/MaxWinterstein/homeassistant-addons/issues/129)

7
cups/build.json Normal file
View File

@@ -0,0 +1,7 @@
{
"build_from": {
"armhf": "ghcr.io/home-assistant/armhf-base-debian:bullseye",
"aarch64": "ghcr.io/home-assistant/aarch64-base-debian:bullseye",
"amd64": "ghcr.io/home-assistant/amd64-base-debian:bullseye"
}
}

38
cups/config.yaml Normal file
View File

@@ -0,0 +1,38 @@
---
name: CUPS Print Server
version: 2.0.0
stage: experimental
slug: cups
image: ghcr.io/maxwinterstein/homeassistant-addon-cups-{arch}
description: A CUPS print server with Avahi installed
url: https://github.com/MaxWinterstein/homeassistant-addons/
arch:
- armhf
- aarch64
- amd64
startup: application
boot: auto
usb: 'true'
init: 'false'
homeassistant_api: true
# host_network: false
ports:
631/tcp: 631
631/udp: 631
ports_description:
631/tcp: For other devices on the local network to print to this server
631/udp: For other devices on the local network to print to this server
ingress: false
map:
- ssl
options:
ssl: true
certfile: fullchain.pem
keyfile: privkey.pem
require_ssl: true
schema:
ssl: bool
cafile: str?
certfile: str
keyfile: str
require_ssl: bool

BIN
cups/icon.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 10 KiB

BIN
cups/logo.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 10 KiB

2
cups/rootfs/etc/cont-init.d/dbus-setup Normal file
View File

@@ -0,0 +1,2 @@
#!/bin/sh
mkdir -p /var/run/dbus

19
cups/rootfs/etc/nginx/nginx.conf Normal file
View File

@@ -0,0 +1,19 @@
events {
}
http {
server {
listen 8099;
location / {
proxy_pass https://localhost:631;
proxy_hide_header X-Frame-Options;
proxy_hide_header Content-Security-Policy;
add_header Content-Security-Policy "sandbox allow-forms allow-modals allow-popups allow-popups-to-escape-sandbox allow-scripts";
sub_filter '"/' '"$http_x_ingress_path/';
sub_filter "'/" "'$http_x_ingress_path/";
sub_filter_once off;
}
}
}

8
cups/rootfs/etc/services.d/avahi/run Normal file
View File

@@ -0,0 +1,8 @@
#!/bin/sh
# Wait until D-Bus is up and the init script has mapped in the external hostname
until [ -e /var/run/dbus/system_bus_socket ] && [ -e /var/run/avahi_configured ]; do
sleep 1s
done
exec avahi-daemon

2
cups/rootfs/etc/services.d/dbus/run Normal file
View File

@@ -0,0 +1,2 @@
#!/bin/sh
exec dbus-daemon --system --nofork

2
cups/rootfs/etc/services.d/nginx/run Normal file
View File

@@ -0,0 +1,2 @@
#!/bin/sh
exec nginx -g "daemon off;"

57
cups/rootfs/run.sh Normal file
View File

@@ -0,0 +1,57 @@
#!/usr/bin/with-contenv bashio
# Create links for certificates with CUPS' expected filenames
bashio::config.require.ssl
keyfile=$(bashio::config keyfile)
certfile=$(bashio::config certfile)
cafile=$(bashio::config cafile)
hostname=$(bashio::info.hostname)
fqdn=$(hostname --fqdn)
mkdir -p /data/ssl
if [ $cafile != null ] && [ -e "/ssl/$cafile" ]; then
rm -f /data/ssl/site.crt
ln -s "/ssl/$cafile" /data/ssl/site.crt
fi
if bashio::config.true ssl; then
rm -f "/data/ssl/$fqdn.key"
rm -f "/data/ssl/$fqdn.crt"
ln -s "/ssl/$keyfile" "/data/ssl/$fqdn.key"
ln -s "/ssl/$certfile" "/data/ssl/$fqdn.crt"
fi
# Get all possible hostnames from configuration
result=$(bashio::api.supervisor GET /core/api/config true || true)
internal=$(bashio::jq "$result" '.internal_url' | cut -d'/' -f3 | cut -d':' -f1)
external=$(bashio::jq "$result" '.external_url' | cut -d'/' -f3 | cut -d':' -f1)
# Fill config file templates with runtime data
config=$(jq --arg internal "$internal" --arg external "$external" --arg hostname "$hostname" \
'{ssl: .ssl, require_ssl: .require_ssl, internal: $internal, external: $external, hostname: $hostname}' \
/data/options.json)
echo "$config" | tempio \
-template /usr/share/cupsd.conf.tempio \
-out /etc/cups/cupsd.conf
echo "$config" | tempio \
-template /usr/share/cups-files.conf.tempio \
-out /etc/cups/cups-files.conf
echo "$config" | tempio \
-template /usr/share/avahi-daemon.conf.tempio \
-out /etc/avahi/avahi-daemon.conf
mkdir -p /data/cups
# Start Avahi, wait for it to start up
touch /var/run/avahi_configured
until [ -e /var/run/avahi-daemon/socket ]; do
sleep 1s
done
# Start CUPS
/usr/sbin/cupsd -f

68
cups/rootfs/usr/share/avahi-daemon.conf.tempio Normal file
View File

@@ -0,0 +1,68 @@
# This file is part of avahi.
#
# avahi is free software; you can redistribute it and/or modify it
# under the terms of the GNU Lesser General Public License as
# published by the Free Software Foundation; either version 2 of the
# License, or (at your option) any later version.
#
# avahi is distributed in the hope that it will be useful, but WITHOUT
# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
# or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public
# License for more details.
#
# You should have received a copy of the GNU Lesser General Public
# License along with avahi; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307
# USA.
# See avahi-daemon.conf(5) for more information on this configuration
# file!
[server]
host-name={{.hostname}}
#domain-name=local
#browse-domains=0pointer.de, zeroconf.org
use-ipv4=yes
use-ipv6=yes
#allow-interfaces=eth0
#deny-interfaces=eth1
#check-response-ttl=no
#use-iff-running=no
#enable-dbus=yes
#disallow-other-stacks=no
#allow-point-to-point=no
#cache-entries-max=4096
#clients-max=4096
#objects-per-client-max=1024
#entries-per-entry-group-max=32
ratelimit-interval-usec=1000000
ratelimit-burst=1000
[wide-area]
enable-wide-area=yes
[publish]
#disable-publishing=no
#disable-user-service-publishing=no
#add-service-cookie=no
publish-addresses=no
publish-hinfo=no
publish-workstation=no
publish-domain=no
#publish-dns-servers=192.168.50.1, 192.168.50.2
#publish-resolv-conf-dns-servers=yes
#publish-aaaa-on-ipv4=yes
#publish-a-on-ipv6=no
[reflector]
#enable-reflector=no
#reflect-ipv=no
[rlimits]
#rlimit-as=
#rlimit-core=0
#rlimit-data=8388608
#rlimit-fsize=0
#rlimit-nofile=768
#rlimit-stack=8388608
#rlimit-nproc=3

3
cups/rootfs/usr/share/cups-files.conf.tempio Normal file
View File

@@ -0,0 +1,3 @@
ServerRoot /data/cups
ServerKeychain /data/ssl
CreateSelfSignedCerts {{if .ssl}}no{{else}}yes{{end}}

164
cups/rootfs/usr/share/cupsd.conf.tempio Normal file
View File

@@ -0,0 +1,164 @@
#
#
# Sample configuration file for the CUPS scheduler. See "man cupsd.conf" for a
# complete description of this file.
#
# Log general information in error_log - change "warn" to "debug"
# for troubleshooting...
LogLevel warn
# Deactivate CUPS' internal logrotating, as we provide a better one, especially
# LogLevel debug2 gets usable now
MaxLogSize 0
# Listen to all
Port 631
Listen /var/run/cups/cups.sock
# Show shared printers on the local network.
Browsing On
BrowseLocalProtocols all
# Default authentication type, when authentication is required...
DefaultAuthType Basic
DefaultEncryption Required
# Host header validation
ServerAlias {{.hostname}}.local {{.internal}} {{.external}}
ServerName {{.hostname}}
# Web interface setting...
WebInterface Yes
# Restrict access to the server...
<Location />
Order allow,deny
Allow all
Encryption {{if .require_ssl}}Required{{else}}IfRequested{{end}}
</Location>
# Restrict access to the admin pages...
<Location /admin>
Order allow,deny
Allow all
</Location>
# Restrict access to configuration files...
<Location /admin/conf>
AuthType Default
Require user @SYSTEM
Order allow,deny
Allow 172.0.0.1
Satisfy any
</Location>
# Set the default printer/job policies...
<Policy default>
# Job/subscription privacy...
JobPrivateAccess default
JobPrivateValues default
SubscriptionPrivateAccess default
SubscriptionPrivateValues default
# Job-related operations must be done by the owner or an administrator...
<Limit Create-Job Print-Job Print-URI Validate-Job>
Order deny,allow
</Limit>
<Limit Send-Document Send-URI Hold-Job Release-Job Restart-Job Purge-Jobs Set-Job-Attributes Create-Job-Subscription Renew-Subscription Cancel-Subscription Get-Notifications Reprocess-Job Cancel-Current-Job Suspend-Current-Job Resume-Job Cancel-My-Jobs Close-Job CUPS-Move-Job CUPS-Get-Document>
Require user @OWNER @SYSTEM
Order allow,deny
Allow 172.0.0.1
Satisfy any
</Limit>
# All administration operations require an administrator to authenticate...
<Limit CUPS-Add-Modify-Printer CUPS-Delete-Printer CUPS-Add-Modify-Class CUPS-Delete-Class CUPS-Set-Default CUPS-Get-Devices>
AuthType Default
Require user @SYSTEM
Order allow,deny
Allow 172.0.0.1
Satisfy any
</Limit>
# All printer operations require a printer operator to authenticate...
<Limit Pause-Printer Resume-Printer Enable-Printer Disable-Printer Pause-Printer-After-Current-Job Hold-New-Jobs Release-Held-New-Jobs Deactivate-Printer Activate-Printer Restart-Printer Shutdown-Printer Startup-Printer Promote-Job Schedule-Job-After Cancel-Jobs CUPS-Accept-Jobs CUPS-Reject-Jobs>
AuthType Default
Require user @SYSTEM
Order allow,deny
Allow 172.0.0.1
Satisfy any
</Limit>
# Only the owner or an administrator can cancel or authenticate a job...
<Limit Cancel-Job CUPS-Authenticate-Job>
Require user @OWNER @SYSTEM
Order allow,deny
Allow 172.0.0.1
Satisfy any
</Limit>
<Limit All>
Order deny,allow
</Limit>
</Policy>
# Set the authenticated printer/job policies...
<Policy authenticated>
# Job/subscription privacy...
JobPrivateAccess default
JobPrivateValues default
SubscriptionPrivateAccess default
SubscriptionPrivateValues default
# Job-related operations must be done by the owner or an administrator...
<Limit Create-Job Print-Job Print-URI Validate-Job>
AuthType Default
Order deny,allow
</Limit>
<Limit Send-Document Send-URI Hold-Job Release-Job Restart-Job Purge-Jobs Set-Job-Attributes Create-Job-Subscription Renew-Subscription Cancel-Subscription Get-Notifications Reprocess-Job Cancel-Current-Job Suspend-Current-Job Resume-Job Cancel-My-Jobs Close-Job CUPS-Move-Job CUPS-Get-Document>
AuthType Default
Require user @OWNER @SYSTEM
Order allow,deny
Allow 172.0.0.1
Satisfy any
</Limit>
# All administration operations require an administrator to authenticate...
<Limit CUPS-Add-Modify-Printer CUPS-Delete-Printer CUPS-Add-Modify-Class CUPS-Delete-Class CUPS-Set-Default>
AuthType Default
Require user @SYSTEM
Order allow,deny
Allow 172.0.0.1
Satisfy any
</Limit>
# All printer operations require a printer operator to authenticate...
<Limit Pause-Printer Resume-Printer Enable-Printer Disable-Printer Pause-Printer-After-Current-Job Hold-New-Jobs Release-Held-New-Jobs Deactivate-Printer Activate-Printer Restart-Printer Shutdown-Printer Startup-Printer Promote-Job Schedule-Job-After Cancel-Jobs CUPS-Accept-Jobs CUPS-Reject-Jobs>
AuthType Default
Require user @SYSTEM
Order allow,deny
Allow 172.0.0.1
Satisfy any
</Limit>
# Only the owner or an administrator can cancel or authenticate a job...
<Limit Cancel-Job CUPS-Authenticate-Job>
AuthType Default
Require user @OWNER @SYSTEM
Order allow,deny
Allow 172.0.0.1
Satisfy any
</Limit>
<Limit All>
Order deny,allow
</Limit>
</Policy>
#
#