Commit
Co-authored-by: Lucas Vazquez <lucas.vazquez@enviame.io>
Showing
11 changed files
with
507 additions
and
0 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,14 @@ | ||
# Prefix for services and networks. | ||
CONTAINER_NAME_PREFIX=printers | ||
|
||
CONTAINER_CADDY_SERVICE_HTTP_PORT=80 | ||
CONTAINER_CADDY_SERVICE_HTTPS_PORT=443 | ||
|
||
# The CONTAINER_TARGET could be `localhost` or `production`. | ||
# Production mode requires a DOMAIN and EMAIL for certbot. | ||
CONTAINER_TARGET=localhost | ||
CERTBOT_EMAIL= | ||
CERTBOT_DOMAIN= | ||
|
||
CUPS_ADMIN_USER=admin | ||
CUPS_ADMIN_PASSWORD=root |
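Review bot: `CUPS_ADMIN_PASSWORD=root` ships a working, guessable admin credential in the example file, and the README's setup step is `cp .env.example .env`, so an unedited copy runs with `admin`/`root`. Leaving the value empty, as `CERTBOT_EMAIL=` and `CERTBOT_DOMAIN=` already are, and adding a comment such as `# Required: set a unique password before building.` would make the omission visible instead of silent. The CUPS Dockerfile in this commit declares build arguments with the same names, so the value is presumably baked into the image's user database.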
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,109 @@ | ||
# Printers | ||
|
||
Printers service containerized. | ||
Caddy (with TLS) + CUPS. | ||
|
||
<details><summary>Podman</summary> | ||
|
||
## Initial Setup | ||
|
||
```sh | ||
echo 'unqualified-search-registries = ["docker.io"]' | sudo tee -a /etc/containers/registries.conf | ||
cp .env.example .env | ||
podman-compose build | ||
``` | ||
|
||
## Run the container containers | ||
|
||
### Develop | ||
|
||
1) Ensure the `CONTAINER_TARGET` env variable is `localhost`. | ||
2) Run the container: | ||
```sh | ||
podman-compose up --remove-orphans --abort-on-container-exit | ||
``` | ||
|
||
### Production | ||
|
||
1) Ensure the `CONTAINER_TARGET` env variable is `production`. | ||
2) Complete the `CERTBOT_EMAIL` and `CERTBOT_DOMAIN` env variables. | ||
3) Run the container in background: | ||
```sh | ||
podman-compose up --remove-orphans -d | ||
``` | ||
|
||
## Handle containers | ||
|
||
Stop the containers: | ||
```sh | ||
prefix="$(grep -E '^CONTAINER_NAME_PREFIX=' .env | cut -d '=' -f2)" \ | ||
podman ps --format="{{.Names}}" | grep "$prefix" | xargs -r podman kill | ||
``` | ||
|
||
Delete everything related to containers (requires them to be stopped): | ||
```sh | ||
prefix="$(grep -E '^CONTAINER_NAME_PREFIX=' .env | cut -d '=' -f2)" \ | ||
&& # Delete containers: | ||
podman ps -a --format="{{.Names}}" | grep "$prefix" | xargs -r podman rm \ | ||
&& # Delete volumes: | ||
podman volume ls --format="{{.Name}}" | grep "$prefix" | xargs -r podman volume rm \ | ||
&& # Delete bind mounts: | ||
awk '/volumes:/ { while (getline > 0) { if ($1 ~ /^-/) { split($2, parts, ":"); if (parts[1] ~ /^\.\//) { print parts[1] } } else { break } } }' podman-compose.yml \ | ||
| xargs -I {} sudo rm -rf {} \ | ||
&& # Delete networks: | ||
podman network ls --format="{{.Name}}" | grep "$prefix" | xargs -r podman network rm | ||
``` | ||
|
||
</details> | ||
|
||
<details><summary>Docker</summary> | ||
|
||
## Initial Setup | ||
|
||
```sh | ||
cp .env.example .env | ||
docker compose build | ||
``` | ||
|
||
## Run the container containers | ||
|
||
### Develop | ||
|
||
1) Ensure the `CONTAINER_TARGET` env variable is `localhost`. | ||
2) Run the container: | ||
```sh | ||
docker compose up --remove-orphans --abort-on-container-exit | ||
``` | ||
|
||
### Production | ||
|
||
1) Ensure the `CONTAINER_TARGET` env variable is `production`. | ||
2) Complete the `CERTBOT_EMAIL` and `CERTBOT_DOMAIN` env variables. | ||
3) Run the container in background: | ||
```sh | ||
docker compose up --remove-orphans -d | ||
``` | ||
|
||
## Handle containers | ||
|
||
Stop the containers: | ||
```sh | ||
prefix="$(grep -E '^CONTAINER_NAME_PREFIX=' .env | cut -d '=' -f2)" \ | ||
docker ps --format="{{.Names}}" | grep "$prefix" | xargs -r docker kill | ||
``` | ||
|
||
Delete everything related to containers (requires them to be stopped): | ||
```sh | ||
prefix="$(grep -E '^CONTAINER_NAME_PREFIX=' .env | cut -d '=' -f2)" \ | ||
&& # Delete containers: | ||
docker ps -a --format="{{.Names}}" | grep "$prefix" | xargs -r docker rm \ | ||
&& # Delete volumes: | ||
docker volume ls --format="{{.Name}}" | grep "$prefix" | xargs -r docker volume rm \ | ||
&& # Delete bind mounts: | ||
awk '/volumes:/ { while (getline > 0) { if ($1 ~ /^-/) { split($2, parts, ":"); if (parts[1] ~ /^\.\//) { print parts[1] } } else { break } } }' docker-compose.yml \ | ||
| xargs -I {} sudo rm -rf {} \ | ||
&& # Delete networks: | ||
docker network ls --format="{{.Name}}" | grep "$prefix" | xargs -r docker network rm | ||
``` | ||
|
||
</details> |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,8 @@ | ||
http://localhost:80 { | ||
reverse_proxy * cups:631 | ||
} | ||
|
||
https://localhost:443 { | ||
redir http://{host}{uri} | ||
tls internal | ||
} |
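Review bot: The `https://localhost:443` site redirects every request to `http://{host}{uri}`, so the certificate from `tls internal` is only used to send clients to the unencrypted listener, and anything entered in the CUPS web interface proxied from `cups:631` crosses the published port in clear text. If TLS is wanted in development too, the direction can be reversed: `reverse_proxy * cups:631` inside the https block and `redir https://{host}{uri}` inside the http block. If the downgrade is deliberate, a one-line comment saying why would save the next reader the question.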
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,7 @@ | ||
http://<DOMAIN>:80 { | ||
route /.well-known/acme-challenge/* { | ||
root * /var/www/html | ||
file_server | ||
} | ||
reverse_proxy * cups:631 | ||
} |
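Review bot: `reverse_proxy * cups:631` makes CUPS reachable over plain HTTP on the public domain for as long as this configuration is running. The entrypoint in this commit starts it only so certbot can complete the webroot challenge, and only the `/.well-known/acme-challenge/*` route is needed for that. Dropping the proxy line keeps the bootstrap listener limited to the challenge files; a comment such as `# Bootstrap only: serves the ACME challenge until the first certificate exists.` would document the file's purpose.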
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,8 @@ | ||
https://<DOMAIN>:443 { | ||
route /.well-known/acme-challenge/* { | ||
root * /var/www/html | ||
file_server | ||
} | ||
reverse_proxy * cups:631 | ||
tls /var/www/certs/fullchain.pem /var/www/certs/privkey.pem | ||
} |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,28 @@ | ||
FROM caddy:2.7.5-alpine AS base | ||
|
||
RUN apk update \ | ||
&& apk add --no-cache \ | ||
certbot | ||
|
||
COPY \ | ||
Caddyfile.ssl \ | ||
Caddyfile.not_ssl \ | ||
Caddyfile.localhost \ | ||
/etc/caddy/ | ||
|
||
RUN cd /etc/caddy \ | ||
&& sed -i "s/<DOMAIN>/${DOMAIN}/g" Caddyfile.* | ||
|
||
FROM base AS localhost | ||
|
||
CMD [\ | ||
"caddy", \ | ||
"run", \ | ||
"--config=/etc/caddy/Caddyfile.localhost" \ | ||
] | ||
|
||
FROM base AS production | ||
|
||
COPY entrypoint.sh /entrypoint.sh | ||
RUN chmod +x /entrypoint.sh | ||
ENTRYPOINT ["/entrypoint.sh"] |
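Review bot: `${DOMAIN}` in the `sed` step is expanded by the build shell, but this file declares no `ARG DOMAIN` or `ENV DOMAIN`, so unless the base image defines it the placeholder is replaced with an empty string and the site addresses become `http://:80` and `https://:443`. Adding `ARG DOMAIN` before that `RUN`, and writing it as `RUN sed -i "s/<DOMAIN>/${DOMAIN}/g" /etc/caddy/Caddyfile.*`, fixes the expansion and removes the `cd`. The `.env` file names the value `CERTBOT_DOMAIN`, so the compose build arguments (not visible here) have to map it. Moving the substitution into the `production` stage would also let it fail the build on an empty value without affecting the `localhost` target. Neither stage sets `USER`, so Caddy and certbot run as root.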
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,23 @@ | ||
#!/bin/sh | ||
set -e | ||
|
||
# Generate and validate the certificate for the first time. | ||
if [ ! -d /var/www/certs ] || [ -z "$(ls -A /var/www/certs)" ]; then | ||
mkdir /var/www/certs | ||
mkdir -p /var/www/html/.well-known/acme-challenge | ||
|
||
caddy run --config /etc/caddy/Caddyfile.not_ssl > caddy.log 2>&1 & | ||
echo $! > caddy.pid | ||
|
||
certbot certonly --webroot -w /var/www/html -d "$CERTBOT_DOMAIN" --email "$CERTBOT_EMAIL" --agree-tos | ||
cp /etc/letsencrypt/live/"$CERTBOT_DOMAIN"/fullchain.pem /var/www/certs/fullchain.pem | ||
cp /etc/letsencrypt/live/"$CERTBOT_DOMAIN"/privkey.pem /var/www/certs/privkey.pem | ||
|
||
kill -SIGINT "$(cat caddy.pid)" | ||
rm caddy.pid | ||
fi | ||
|
||
# Try to renew the certificate every day. | ||
echo "0 0 * * * certbot renew --quiet" | crontab - | ||
|
||
caddy run --config /etc/caddy/Caddyfile.ssl |
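Review bot: The `crontab -` line registers `certbot renew`, but nothing in this script starts a cron daemon before `caddy run` takes the foreground, so the job is presumably never executed. A renewal would also only update `/etc/letsencrypt/live`, while Caddy keeps serving the copies in `/var/www/certs`. Starting `crond` before the final line, and giving the job a `--deploy-hook` that repeats the two `cp` commands and runs `caddy reload --config /etc/caddy/Caddyfile.ssl`, would close both gaps. Separately, `mkdir /var/www/certs` aborts under `set -e` when the directory exists but is empty, which is one of the two cases the `if` lets through; `mkdir -p /var/www/certs /var/www/html/.well-known/acme-challenge` handles both. `certbot certonly` has no `--non-interactive`, so any prompt would block container start.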
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,47 @@ | ||
FROM debian:testing-slim | ||
|
||
# Install Packages (basic tools, cups, basic drivers, HP drivers) | ||
RUN apt-get update \ | ||
&& apt-get install -y \ | ||
sudo \ | ||
whois \ | ||
usbutils \ | ||
cups \ | ||
cups-client \ | ||
cups-bsd \ | ||
cups-filters \ | ||
foomatic-db-compressed-ppds \ | ||
printer-driver-all \ | ||
openprinting-ppds \ | ||
hpijs-ppds \ | ||
hp-ppd \ | ||
hplip \ | ||
smbclient \ | ||
printer-driver-cups-pdf \ | ||
hplip \ | ||
printer-driver-gutenprint \ | ||
avahi-daemon \ | ||
&& apt-get clean \ | ||
&& rm -rf /var/lib/apt/lists/* | ||
|
||
ARG CUPS_ADMIN_USER | ||
ARG CUPS_ADMIN_PASSWORD | ||
RUN useradd \ | ||
--create-home \ | ||
--groups sudo,lp,lpadmin \ | ||
--shell=/bin/bash \ | ||
--password=$(mkpasswd $CUPS_ADMIN_PASSWORD) \ | ||
$CUPS_ADMIN_USER \ | ||
&& echo "$CUPS_ADMIN_USER ALL=(ALL) NOPASSWD: ALL" >> /etc/sudoers | ||
USER $CUPS_ADMIN_USER | ||
|
||
COPY cupsd.conf /etc/cups/cupsd.conf | ||
RUN sudo chmod -R a+rwx /var/spool \ | ||
&& sudo chmod -R a+rwx /etc/cups | ||
|
||
COPY avahi-daemon.conf /etc/avahi/avahi-daemon.conf | ||
|
||
CMD [\ | ||
"/usr/sbin/cupsd", \ | ||
"-f" \ | ||
] |
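Review bot: `ARG CUPS_ADMIN_PASSWORD` puts the admin password on the build command line and into the image history, and `$(mkpasswd $CUPS_ADMIN_PASSWORD)` is unquoted, so a password containing spaces or shell metacharacters is split or mangled. The account then receives `NOPASSWD: ALL`, and `chmod -R a+rwx` makes `/etc/cups` and `/var/spool` world-writable, so `USER $CUPS_ADMIN_USER` does not reduce privilege in practice. The sketch below reads the password from a BuildKit secret (the id is an example, and the compose build section, not visible here, would have to supply it), drops the sudo grant and hands the two trees to the service account before switching user; whether cupsd needs further access as that user should be verified. `debian:testing-slim` is a moving tag and `hplip` is listed twice; a pinned release and `--no-install-recommends` would make the build reproducible.

```dockerfile
# … unchanged: FROM and package installation …
ARG CUPS_ADMIN_USER
# The password is read from a build secret, so it is not recorded in the image history.
RUN --mount=type=secret,id=cups_admin_password \
    useradd \
        --create-home \
        --groups lp,lpadmin \
        --shell=/bin/bash \
        --password="$(mkpasswd --stdin < /run/secrets/cups_admin_password)" \
        "$CUPS_ADMIN_USER"

COPY cupsd.conf /etc/cups/cupsd.conf
# Ownership goes to the service account instead of opening the trees to every user.
RUN chown -R "$CUPS_ADMIN_USER":lp /var/spool /etc/cups
USER $CUPS_ADMIN_USER
# … unchanged: avahi-daemon.conf COPY and CMD …
```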