[Cups-dev] Initial add

cups-dev/Dockerfile

@@ -0,0 +1,50 @@
+FROM ghcr.io/hassio-addons/debian-base:7.1.0
+
+LABEL io.hass.version="1.0" io.hass.type="addon" io.hass.arch="aarch64|amd64"
+
+# Set shell
+SHELL ["/bin/bash", "-o", "pipefail", "-c"]
+
+RUN apt-get update \
+    && apt-get install -y --no-install-recommends \
+        sudo \
+        locales \
+        cups \
+        avahi-daemon \
+        libnss-mdns \
+        dbus \
+        colord \
+        printer-driver-all \
+        printer-driver-gutenprint \
+        openprinting-ppds \
+        hpijs-ppds \
+        hp-ppd  \
+        hplip \
+        printer-driver-foo2zjs \
+        cups-pdf \
+        gnupg2 \
+        lsb-release \
+        nano \
+        samba \
+        bash-completion \
+        procps \
+    && apt-get clean -y \
+    && rm -rf /var/lib/apt/lists/*
+
+COPY rootfs /
+
+# Add user and disable sudo password checking
+RUN useradd \
+  --groups=sudo,lp,lpadmin \
+  --create-home \
+  --home-dir=/home/print \
+  --shell=/bin/bash \
+  --password=$(mkpasswd print) \
+  print \
+&& sed -i '/%sudo[[:space:]]/ s/ALL[[:space:]]*$/NOPASSWD:ALL/' /etc/sudoers
+
+EXPOSE 631
+
+RUN chmod a+x /run.sh
+
+CMD ["/run.sh"]

cups-dev/README.md

@@ -0,0 +1,8 @@
+# homeassistant addon cups airprint
+CUPS addon with working Avahi in reflector mode 
+
+Tested with Home Assistant version **2023.9**
+
+CUPS administrator login: print, password: print (can be changed in the Dockerfile)
+
+[![Open your Home Assistant instance and show the add add-on repository dialog with a specific repository URL pre-filled.](https://my.home-assistant.io/badges/supervisor_add_addon_repository.svg)](https://my.home-assistant.io/redirect/supervisor_add_addon_repository/?repository_url=https%3A%2F%2Fgithub.com%2Fzajac-grzegorz%2Fhomeassistant-addon-cups-airprint)

cups-dev/build.yaml

@@ -0,0 +1,3 @@
+build_from:
+  aarch64: ghcr.io/hassio-addons/debian-base:7.1.0
+  amd64: ghcr.io/hassio-addons/debian-base:7.1.0

cups-dev/config.yaml

@@ -0,0 +1,21 @@
+name: CUPS
+version: "1.0"
+slug: cupsik
+description: A CUPS print server with working AirPrint
+arch:
+  - amd64
+  - aarch64
+usb: true
+init: false
+homeassistant_api: true
+host_network: true
+ports:
+  631/tcp: 631
+  631/udp: 631
+ports_description:
+  631/tcp: For other devices on the local network to print to this server
+  631/udp: For other devices on the local network to print to this server
+# ingress: false
+map:
+  - config:rw
+

cups-dev/repository.json

@@ -0,0 +1,5 @@
+{
+  "name": "Home Assistant CUPS + Airprint Add-On repository",
+  "url": "https://github.com/zajac-grzegorz/homeassistant-addon-cups-airprint",
+  "maintainer": "Grzegorz Zajac"
+}

cups-dev/rootfs/etc/avahi/avahi-daemon.conf

@@ -0,0 +1,69 @@
+# This file is part of avahi.
+#
+# avahi is free software; you can redistribute it and/or modify it
+# under the terms of the GNU Lesser General Public License as
+# published by the Free Software Foundation; either version 2 of the
+# License, or (at your option) any later version.
+#
+# avahi is distributed in the hope that it will be useful, but WITHOUT
+# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+# or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public
+# License for more details.
+#
+# You should have received a copy of the GNU Lesser General Public
+# License along with avahi; if not, write to the Free Software
+# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307
+# USA.
+
+# See avahi-daemon.conf(5) for more information on this configuration
+# file!
+
+[server]
+#host-name=foo
+#domain-name=local
+#browse-domains=0pointer.de, zeroconf.org
+use-ipv4=yes
+use-ipv6=yes
+#allow-interfaces=eth0
+#deny-interfaces=eth1
+#check-response-ttl=no
+#use-iff-running=no
+#enable-dbus=yes
+#disallow-other-stacks=no
+#allow-point-to-point=no
+#cache-entries-max=4096
+#clients-max=4096
+#objects-per-client-max=1024
+#entries-per-entry-group-max=32
+ratelimit-interval-usec=1000000
+ratelimit-burst=1000
+
+[wide-area]
+enable-wide-area=yes
+
+[publish]
+#disable-publishing=no
+#disable-user-service-publishing=no
+#add-service-cookie=no
+#publish-addresses=yes
+publish-hinfo=no
+publish-workstation=no
+#publish-domain=yes
+#publish-dns-servers=192.168.50.1, 192.168.50.2
+#publish-resolv-conf-dns-servers=yes
+#publish-aaaa-on-ipv4=yes
+#publish-a-on-ipv6=no
+
+[reflector]
+enable-reflector=yes
+#reflect-ipv=no
+#reflect-filters=_airplay._tcp.local,_raop._tcp.local
+
+[rlimits]
+#rlimit-as=
+#rlimit-core=0
+#rlimit-data=8388608
+#rlimit-fsize=0
+#rlimit-nofile=768
+#rlimit-stack=8388608
+#rlimit-nproc=3

cups-dev/rootfs/etc/cups/cupsd.conf

@@ -0,0 +1,194 @@
+#
+# Configuration file for the CUPS scheduler.  See "man cupsd.conf" for a
+# complete description of this file.
+#
+
+# Log general information in error_log - change "warn" to "debug"
+# for troubleshooting...
+LogLevel warn
+PageLogFormat
+
+# Specifies the maximum size of the log files before they are rotated.  The value "0" disables log rotation.
+MaxLogSize 0
+
+# Default error policy for printers
+ErrorPolicy retry-job
+
+# Only listen for connections from the local machine.
+Port 631
+Listen /run/cups/cups.sock
+
+# Show shared printers on the local network.
+Browsing Yes
+BrowseLocalProtocols all
+
+# Default authentication type, when authentication is required...
+DefaultAuthType Basic
+
+# Web interface setting...
+WebInterface Yes
+
+# Timeout after cupsd exits if idle (applied only if cupsd runs on-demand - with -l)
+IdleExitTimeout 60
+
+# Restrict access to the server...
+<Location />
+  Order allow,deny
+  Allow @LOCAL
+</Location>
+
+# Restrict access to the admin pages...
+<Location /admin>
+  Order allow,deny
+  Allow @LOCAL
+</Location>
+
+# Restrict access to configuration files...
+<Location /admin/conf>
+  AuthType Default
+  Require user @SYSTEM
+  Order allow,deny
+</Location>
+
+# Restrict access to log files...
+<Location /admin/log>
+  AuthType Default
+  Require user @SYSTEM
+  Order allow,deny
+</Location>
+
+# Set the default printer/job policies...
+<Policy default>
+  # Job/subscription privacy...
+  JobPrivateAccess default
+  JobPrivateValues default
+  SubscriptionPrivateAccess default
+  SubscriptionPrivateValues default
+
+  # Job-related operations must be done by the owner or an administrator...
+  <Limit Create-Job Print-Job Print-URI Validate-Job>
+    Order deny,allow
+  </Limit>
+
+  <Limit Send-Document Send-URI Hold-Job Release-Job Restart-Job Purge-Jobs Set-Job-Attributes Create-Job-Subscription Renew-Subscription Cancel-Subscription Get-Notifications Reprocess-Job Cancel-Current-Job Suspend-Current-Job Resume-Job Cancel-My-Jobs Close-Job CUPS-Move-Job CUPS-Get-Document>
+    Require user @OWNER @SYSTEM
+    Order deny,allow
+  </Limit>
+
+  # All administration operations require an administrator to authenticate...
+  <Limit CUPS-Add-Modify-Printer CUPS-Delete-Printer CUPS-Add-Modify-Class CUPS-Delete-Class CUPS-Set-Default CUPS-Get-Devices>
+    AuthType Default
+    Require user @SYSTEM
+    Order deny,allow
+  </Limit>
+
+  # All printer operations require a printer operator to authenticate...
+  <Limit Pause-Printer Resume-Printer Enable-Printer Disable-Printer Pause-Printer-After-Current-Job Hold-New-Jobs Release-Held-New-Jobs Deactivate-Printer Activate-Printer Restart-Printer Shutdown-Printer Startup-Printer Promote-Job Schedule-Job-After Cancel-Jobs CUPS-Accept-Jobs CUPS-Reject-Jobs>
+    AuthType Default
+    Require user @SYSTEM
+    Order deny,allow
+  </Limit>
+
+  # Only the owner or an administrator can cancel or authenticate a job...
+  <Limit Cancel-Job CUPS-Authenticate-Job>
+    Require user @OWNER @SYSTEM
+    Order deny,allow
+  </Limit>
+
+  <Limit All>
+    Order deny,allow
+  </Limit>
+</Policy>
+
+# Set the authenticated printer/job policies...
+<Policy authenticated>
+  # Job/subscription privacy...
+  JobPrivateAccess default
+  JobPrivateValues default
+  SubscriptionPrivateAccess default
+  SubscriptionPrivateValues default
+
+  # Job-related operations must be done by the owner or an administrator...
+  <Limit Create-Job Print-Job Print-URI Validate-Job>
+    AuthType Default
+    Order deny,allow
+  </Limit>
+
+  <Limit Send-Document Send-URI Hold-Job Release-Job Restart-Job Purge-Jobs Set-Job-Attributes Create-Job-Subscription Renew-Subscription Cancel-Subscription Get-Notifications Reprocess-Job Cancel-Current-Job Suspend-Current-Job Resume-Job Cancel-My-Jobs Close-Job CUPS-Move-Job CUPS-Get-Document>
+    AuthType Default
+    Require user @OWNER @SYSTEM
+    Order deny,allow
+  </Limit>
+
+  # All administration operations require an administrator to authenticate...
+  <Limit CUPS-Add-Modify-Printer CUPS-Delete-Printer CUPS-Add-Modify-Class CUPS-Delete-Class CUPS-Set-Default>
+    AuthType Default
+    Require user @SYSTEM
+    Order deny,allow
+  </Limit>
+
+  # All printer operations require a printer operator to authenticate...
+  <Limit Pause-Printer Resume-Printer Enable-Printer Disable-Printer Pause-Printer-After-Current-Job Hold-New-Jobs Release-Held-New-Jobs Deactivate-Printer Activate-Printer Restart-Printer Shutdown-Printer Startup-Printer Promote-Job Schedule-Job-After Cancel-Jobs CUPS-Accept-Jobs CUPS-Reject-Jobs>
+    AuthType Default
+    Require user @SYSTEM
+    Order deny,allow
+  </Limit>
+
+  # Only the owner or an administrator can cancel or authenticate a job...
+  <Limit Cancel-Job CUPS-Authenticate-Job>
+    AuthType Default
+    Require user @OWNER @SYSTEM
+    Order deny,allow
+  </Limit>
+
+  <Limit All>
+    Order deny,allow
+  </Limit>
+</Policy>
+
+# Set the kerberized printer/job policies...
+<Policy kerberos>
+  # Job/subscription privacy...
+  JobPrivateAccess default
+  JobPrivateValues default
+  SubscriptionPrivateAccess default
+  SubscriptionPrivateValues default
+
+  # Job-related operations must be done by the owner or an administrator...
+  <Limit Create-Job Print-Job Print-URI Validate-Job>
+    AuthType Negotiate
+    Order deny,allow
+  </Limit>
+
+  <Limit Send-Document Send-URI Hold-Job Release-Job Restart-Job Purge-Jobs Set-Job-Attributes Create-Job-Subscription Renew-Subscription Cancel-Subscription Get-Notifications Reprocess-Job Cancel-Current-Job Suspend-Current-Job Resume-Job Cancel-My-Jobs Close-Job CUPS-Move-Job CUPS-Get-Document>
+    AuthType Negotiate
+    Require user @OWNER @SYSTEM
+    Order deny,allow
+  </Limit>
+
+  # All administration operations require an administrator to authenticate...
+  <Limit CUPS-Add-Modify-Printer CUPS-Delete-Printer CUPS-Add-Modify-Class CUPS-Delete-Class CUPS-Set-Default>
+    AuthType Default
+    Require user @SYSTEM
+    Order deny,allow
+  </Limit>
+
+  # All printer operations require a printer operator to authenticate...
+  <Limit Pause-Printer Resume-Printer Enable-Printer Disable-Printer Pause-Printer-After-Current-Job Hold-New-Jobs Release-Held-New-Jobs Deactivate-Printer Activate-Printer Restart-Printer Shutdown-Printer Startup-Printer Promote-Job Schedule-Job-After Cancel-Jobs CUPS-Accept-Jobs CUPS-Reject-Jobs>
+    AuthType Default
+    Require user @SYSTEM
+    Order deny,allow
+  </Limit>
+
+  # Only the owner or an administrator can cancel or authenticate a job...
+  <Limit Cancel-Job CUPS-Authenticate-Job>
+    AuthType Negotiate
+    Require user @OWNER @SYSTEM
+    Order deny,allow
+  </Limit>
+
+  <Limit All>
+    Order deny,allow
+  </Limit>
+</Policy>
+

cups-dev/rootfs/etc/s6-overlay/s6-rc.d/avahi-daemon/run

@@ -0,0 +1,11 @@
+#!/usr/bin/with-contenv bashio
+
+ulimit -n 1048576
+
+bashio::log.info "Starting Avahi daemon from S6"
+
+until [ -e /run/dbus/system_bus_socket ]; do
+  sleep 1s
+done
+
+avahi-daemon

cups-dev/rootfs/etc/s6-overlay/s6-rc.d/avahi-daemon/type

@@ -0,0 +1 @@
+longrun

cups-dev/rootfs/etc/s6-overlay/s6-rc.d/cups-server/run

@@ -0,0 +1,12 @@
+#!/usr/bin/with-contenv bashio
+
+ulimit -n 1048576
+
+bashio::log.info "Starting CUPS server from S6"
+
+until [ -e /var/run/avahi-daemon/socket ]; do
+  sleep 1s
+done
+
+cupsd -f
+

cups-dev/rootfs/etc/s6-overlay/s6-rc.d/cups-server/type

@@ -0,0 +1 @@
+longrun

cups-dev/rootfs/etc/s6-overlay/s6-rc.d/dbus-daemon/run

@@ -0,0 +1,7 @@
+#!/usr/bin/with-contenv bashio
+
+ulimit -n 1048576
+
+bashio::log.info "Starting DBUS daemon from S6"
+
+dbus-daemon --system --nofork

cups-dev/rootfs/etc/s6-overlay/s6-rc.d/dbus-daemon/type

@@ -0,0 +1 @@
+longrun

cups-dev/rootfs/etc/s6-overlay/s6-rc.d/initialization/type

@@ -0,0 +1 @@
+oneshot

cups-dev/rootfs/etc/s6-overlay/s6-rc.d/initialization/up

@@ -0,0 +1,4 @@
+#!/usr/bin/env bashio
+
+mkdir -p /var/run/dbus
+

cups-dev/rootfs/run.sh

@@ -0,0 +1,11 @@
+#!/usr/bin/with-contenv bashio
+
+ulimit -n 1048576
+
+until [ -e /var/run/avahi-daemon/socket ]; do
+  sleep 1s
+done
+
+bashio::log.info "Starting CUPS server as CMD from S6"
+
+cupsd -f