diff --git a/dots/cups/cups-files.conf b/dots/cups/cups-files.conf new file mode 100644 index 0000000..2957e06 --- /dev/null +++ b/dots/cups/cups-files.conf @@ -0,0 +1,84 @@ +# +# File/directory/user/group configuration file for the CUPS scheduler. +# See "man cups-files.conf" for a complete description of this file. +# + +# List of events that are considered fatal errors for the scheduler... +#FatalErrors config + +# Do we call fsync() after writing configuration or status files? +#SyncOnClose No + +# Default user and group for filters/backends/helper programs; this cannot be +# any user or group that resolves to ID 0 for security reasons... +User 209 +Group 209 + +# Administrator user group, used to match @SYSTEM in cupsd.conf policy rules... +# This cannot contain the Group value for security reasons... +SystemGroup sys root wheel + + +# User that is substituted for unauthenticated (remote) root accesses... +#RemoteRoot remroot + +# Do we allow file: device URIs other than to /dev/null? +#FileDevice No + +# Permissions for configuration and log files... +#ConfigFilePerm 0640 +#LogFilePerm 0644 + +# Location of the file logging all access to the scheduler; may be the name +# "syslog". If not an absolute path, the value of ServerRoot is used as the +# root directory. Also see the "AccessLogLevel" directive in cupsd.conf. +AccessLog /var/log/cups/access_log + +# Location of cache files used by the scheduler... +#CacheDir /var/cache/cups + +# Location of data files used by the scheduler... +#DataDir /usr/share/cups + +# Location of the static web content served by the scheduler... +#DocumentRoot /usr/share/cups/doc + +# Location of the file logging all messages produced by the scheduler and any +# helper programs; may be the name "syslog". If not an absolute path, the value +# of ServerRoot is used as the root directory. Also see the "LogLevel" +# directive in cupsd.conf. +ErrorLog /var/log/cups/error_log + +# Location of the file logging all pages printed by the scheduler and any +# helper programs; may be the name "syslog". If not an absolute path, the value +# of ServerRoot is used as the root directory. Also see the "PageLogFormat" +# directive in cupsd.conf. +PageLog /var/log/cups/page_log + +# Location of the file listing all of the local printers... +#Printcap /etc/printcap + +# Format of the Printcap file... +#PrintcapFormat bsd +#PrintcapFormat plist +#PrintcapFormat solaris + +# Location of all spool files... +#RequestRoot /var/spool/cups + +# Location of helper programs... +#ServerBin /usr/lib/cups + +# SSL/TLS keychain for the scheduler... +#ServerKeychain ssl + +# Location of other configuration files... +#ServerRoot /etc/cups + +# Location of scheduler state files... +#StateDir /run/cups + +# Location of scheduler/helper temporary files. This directory is emptied on +# scheduler startup and cannot be one of the standard (public) temporary +# directory locations for security reasons... +#TempDir /var/spool/cups/tmp diff --git a/dots/cups/cups-files.conf.default b/dots/cups/cups-files.conf.default new file mode 100644 index 0000000..2957e06 --- /dev/null +++ b/dots/cups/cups-files.conf.default @@ -0,0 +1,84 @@ +# +# File/directory/user/group configuration file for the CUPS scheduler. +# See "man cups-files.conf" for a complete description of this file. +# + +# List of events that are considered fatal errors for the scheduler... +#FatalErrors config + +# Do we call fsync() after writing configuration or status files? +#SyncOnClose No + +# Default user and group for filters/backends/helper programs; this cannot be +# any user or group that resolves to ID 0 for security reasons... +User 209 +Group 209 + +# Administrator user group, used to match @SYSTEM in cupsd.conf policy rules... +# This cannot contain the Group value for security reasons... +SystemGroup sys root wheel + + +# User that is substituted for unauthenticated (remote) root accesses... +#RemoteRoot remroot + +# Do we allow file: device URIs other than to /dev/null? +#FileDevice No + +# Permissions for configuration and log files... +#ConfigFilePerm 0640 +#LogFilePerm 0644 + +# Location of the file logging all access to the scheduler; may be the name +# "syslog". If not an absolute path, the value of ServerRoot is used as the +# root directory. Also see the "AccessLogLevel" directive in cupsd.conf. +AccessLog /var/log/cups/access_log + +# Location of cache files used by the scheduler... +#CacheDir /var/cache/cups + +# Location of data files used by the scheduler... +#DataDir /usr/share/cups + +# Location of the static web content served by the scheduler... +#DocumentRoot /usr/share/cups/doc + +# Location of the file logging all messages produced by the scheduler and any +# helper programs; may be the name "syslog". If not an absolute path, the value +# of ServerRoot is used as the root directory. Also see the "LogLevel" +# directive in cupsd.conf. +ErrorLog /var/log/cups/error_log + +# Location of the file logging all pages printed by the scheduler and any +# helper programs; may be the name "syslog". If not an absolute path, the value +# of ServerRoot is used as the root directory. Also see the "PageLogFormat" +# directive in cupsd.conf. +PageLog /var/log/cups/page_log + +# Location of the file listing all of the local printers... +#Printcap /etc/printcap + +# Format of the Printcap file... +#PrintcapFormat bsd +#PrintcapFormat plist +#PrintcapFormat solaris + +# Location of all spool files... +#RequestRoot /var/spool/cups + +# Location of helper programs... +#ServerBin /usr/lib/cups + +# SSL/TLS keychain for the scheduler... +#ServerKeychain ssl + +# Location of other configuration files... +#ServerRoot /etc/cups + +# Location of scheduler state files... +#StateDir /run/cups + +# Location of scheduler/helper temporary files. This directory is emptied on +# scheduler startup and cannot be one of the standard (public) temporary +# directory locations for security reasons... +#TempDir /var/spool/cups/tmp diff --git a/dots/cups/cups-pdf.conf b/dots/cups/cups-pdf.conf new file mode 100644 index 0000000..b1af57d --- /dev/null +++ b/dots/cups/cups-pdf.conf @@ -0,0 +1,302 @@ +# cups-pdf.conf -- CUPS Backend Configuration (version 3.0.1, 2017-02-24) +# 18.09.2005, Volker C. Behr +# volker@cups-pdf.de +# http://www.cups-pdf.de +# +# +# This code may be freely distributed as long as this header +# is preserved. Changes to the code should be clearly indicated. +# +# This code is distributed under the GPL. +# (http://www.gnu.org/copyleft/gpl.html) +# +# For more detailed licensing information see cups-pdf.c in the +# corresponding version number. + +########################################################################### +# # +# This is the configuration file for CUPS-PDF. Values that are not set in # +# here will use the defaults. Changes take effect immediately without the # +# need for restarting any services. # +# # +# Take care not to add whitespaces at the end of a line! # +# # +# Options are marked where they can be set (setting via PPD requires the # +# PPD file that comes with CUPS-PDF to be used!). # +# Options passed via lpoptions that are not named for lpoptions here are # +# ignored. # +# Options precedence is as follows: # +# 1st: lpoptions # +# 2nd: PPD settings # +# 3rd: config file (this file) # +# 4th: default values # +########################################################################### + + +########################################################################### +# # +# Path Settings # +# # +########################################################################### + +### Key: Out (config) +## CUPS-PDF output directory +## special qualifiers: +## ${HOME} will be expanded to the user's home directory +## ${USER} will be expanded to the user name +## in case it is an NFS export make sure it is exported without +## root_squash! +### Default: /var/spool/cups-pdf/${USER} + +#Out /var/spool/cups-pdf/${USER} + +### Key: AnonDirName (config) +## ABSOLUTE path for anonymously created PDF files +## if anonymous access is disabled this setting has no effect +### Default: /var/spool/cups-pdf/ANONYMOUS + +#AnonDirName /var/spool/cups-pdf/ANONYMOUS + +### Key: Spool (config) +## CUPS-PDF spool directory - make sure there is no user 'SPOOL' on your +## system or change the path +### Default: /var/spool/cups-pdf/SPOOL + +#Spool /var/spool/cups-pdf/SPOOL + + +########################################################################### +# # +# Filename Settings # +# # +########################################################################### + +### Key: Truncate (config, ppd, lpoptions) +## truncate long filenames to a maximum of characters +## this does not consider the full path to the output but only the filename +## without the .pdf-extension or a job-id prefix (see 'Label') +## the minimal value is 8 +### Default: 64 + +#Truncate 64 + +### Key: Cut (config, lpoptions) +## removing file name extensions before appending .pdf to output +## extensions will only be removed if _both_ the following criteria are met: +## - the extension (w/o the dot) is not longer than characters +## - the remaining filename has a minimal length of 1 character +## set Cut to -1 in order to disable cutting +## recommended values: pure UNIX environment : -1 +## mixed environments : 3 +### Default: 3 + +#Cut 3 + +### Key: Label (config, ppd, lpoptions) +## label all jobs with a unique job-id in order to avoid overwriting old +## files in case new ones with identical names are created; always true for +## untitled documents +## 0: label untitled documents only +## 1: label all documents with a preceeding "job_#-" +## 2: label all documents with a tailing "-job_#" +### Default: 0 + +#Label 0 + +### Key: TitlePref (config, ppd, lpoptions) +## where to look first for a title when creating the output filename +## (title in PS file or title on commandline): +## 0: prefer title from %Title statement in the PS file +## 1: prefer title passed via commandline +### Default: 0 + +#TitlePref 0 + + +########################################################################### +# # +# User Settings # +# # +########################################################################### + +### Key: AnonUser (config) +## uid for anonymous PDF creation (this might be a security issue) +## this setting has no influence on AnonDirName (see there) +## set this to an empty value to disable anonymous +### Default: nobody + +#AnonUser nobody + +### Key: LowerCase (config) +## This options allows to check user names given to CUPS-PDF additionally +## against their lower case variants. This is necessary since in some +## Windows environments only upper case user names are passed. Usually UNIX +## user names are all lower case and it is save to use this option +## but be aware that it can lead to mis-identifications in case +## you have user names that differ only in upper/lower case. +## check only against user name as passed to CUPS : 0 +## check additionally against lower case user name : 1 +### Default: 1 + +#LowerCase 1 + +### Key: UserPrefix (config) +## some installations require a domain prefix added to the user name +## leave empty for no prefix +### Default: + +#UserPrefix + +### Key: DirPrefix (config) +## if a prefix was defined above this switch toggels whether to include +## the prefix in the output directory's name (if not $HOME) or not +## 0: do not include, 1: include +### Default: 0 + +#DirPrefix 0 + +### Key: RemovePrefix (config) +## some installation pass usernames with a prefix (usually a domain name) +## if you do not want this prefix to be used by the ${USER} variable for +## output directories put the part which is to be cut here +### Default: + +#RemovePrefix + + +########################################################################### +# # +# Security Settings # +# # +########################################################################### + +### Key: AnonUMask (config) +## umask for anonymous output +## these are the _inverse_ permissions to be granted +### Default: 0000 + +#AnonUMask 0000 + +### Key: UserUMask (config, lptoptions) +## umask for user output of known users +## changing this can introduce security leaks if confidential +## information is processed! +### Default: 0077 + +#UserUMask 0077 + +### Key: Grp (config) +## group cups-pdf is supposed to run as - this will also be the gid for all +## created directories and log files +### Default: cups + +Grp cups + +### Key: AllowUnsafeOptions (config) +## DON'T CHANGE THIS SETTING UNLESS YOU ABSOLUTELY KNOW WHAT YOU ARE DOING +## set to 1 in order to allow users to override any option - including +## those that pose SEVERE SECURITY RISKS, set to 0 for full security +### Default: 0 + +#AllowUnsafeOptions 0 + + +########################################################################### +# # +# Log Settings # +# # +########################################################################### + +### Key: Log (config) +## CUPS-PDF log directory +## set this to an empty value to disable all logging +### Default: /var/log/cups + +#Log /var/log/cups + +### Key: LogType (config, ppd) +## log-mode +## 1: errors +## 2: status (i.e. activity) +## 4: debug - this will generate a lot of log-output! +## add up values to combine options, i.e. 7 is full logging +## if logging is disabled these setting have no effect +### Default: 3 + +#LogType 3 + + +########################################################################### +# # +# PDF Conversion Settings # +# # +########################################################################### + +### Key: GhostScript (config) +## location of GhostScript binary (gs) +## MacOSX: for using pstopdf (recommended) set this to /usr/bin/pstopdf +## or its proper location on your system +### Default: /usr/bin/gs + +#GhostScript /usr/bin/gs + +### Key: GSTmp (config) +## location of temporary files during GhostScript operation +## this must be user-writable like /var/tmp or /tmp ! +### Default: /var/tmp + +#GSTmp /var/tmp + +### Key: GSCall (config) +## command line for calling GhostScript (!!! DO NOT USE NEWLINES !!!) +## MacOSX: for using pstopdf set this to %s %s -o %s %s +### Default: %s -q -dCompatibilityLevel=%s -dNOPAUSE -dBATCH -dSAFER -sDEVICE=pdfwrite -sOutputFile="%s" -dAutoRotatePages=/PageByPage -dAutoFilterColorImages=false -dColorImageFilter=/FlateEncode -dPDFSETTINGS=/prepress -c -f %s + +#GSCall %s -q -dCompatibilityLevel=%s -dNOPAUSE -dBATCH -dSAFER -sDEVICE=pdfwrite -sOutputFile="%s" -dAutoRotatePages=/PageByPage -dAutoFilterColorImages=false -dColorImageFilter=/FlateEncode -dPDFSETTINGS=/prepress -c -f %s + +### Key: PDFVer (config, ppd, lptopions) +## PDF version to be created - can be "1.5", "1.4", "1.3" or "1.2" +## MacOSX: for using pstopdf set this to an empty value +### Default: 1.4 + +#PDFVer 1.4 + +### Key: PostProcessing (config, lptoptions) +## postprocessing script that will be called after the creation of the PDF +## as arguments the filename of the PDF, the username as determined by +## CUPS-PDF and the one as given to CUPS-PDF will be passed +## the script will be called with user privileges +## set this to an empty value to use no postprocessing +### Default: + +#PostProcessing + + +########################################################################### +# # +# Experimental Settings # +# These settings activate experimental options. If you decide to use # +# them I would appreciate any feedback - including an 'ok' if they # +# work as expected - so I can eventually put them into the non- # +# experimental sections. # +# # +########################################################################### + +### Key: DecodeHexStrings (config) +## this option will try to decode hex strings in the title to allow +## internationalized titles +## (have a look at pstitleconv on www.cups-pdf.de for a suitable filter +## for data from Windows clients) +## 0: disable, 1: enable +### Default: 0 + +#DecodeHexStrings 0 + +### Key: FixNewlines (config) +## this option will try to fix various unusal line delimiters (e.g. +## form feeds) +## especially useful when using non-Linux-generated files +## 0: disable, 1: enable +### Default: 0 + +#FixNewlines 0 diff --git a/dots/cups/cupsd.conf b/dots/cups/cupsd.conf new file mode 100644 index 0000000..a75a647 --- /dev/null +++ b/dots/cups/cupsd.conf @@ -0,0 +1,205 @@ +# +# Configuration file for the CUPS scheduler. See "man cupsd.conf" for a +# complete description of this file. +# + +# Log general information in error_log - change "warn" to "debug" +# for troubleshooting... +LogLevel warn +#PageLogFormat + +# Specifies the maximum size of the log files before they are rotated. The value "0" disables log rotation. +MaxLogSize 0 + +# Default error policy for printers +ErrorPolicy stop-printer + +# Only listen for connections from the local machine. +Listen localhost:631 +Listen /run/cups/cups.sock + +# Show shared printers on the local network. +Browsing Yes +BrowseLocalProtocols dnssd + +# Default authentication type, when authentication is required... +DefaultAuthType Basic + +# Web interface setting... +WebInterface Yes + +# Timeout after cupsd exits if idle (applied only if cupsd runs on-demand - with -l) +IdleExitTimeout 60 + +# Restrict access to the server... + + Order allow,deny + + +# Restrict access to the admin pages... + + AuthType Default + Require user @SYSTEM + Order allow,deny + + +# Restrict access to configuration files... + + AuthType Default + Require user @SYSTEM + Order allow,deny + + +# Restrict access to log files... + + AuthType Default + Require user @SYSTEM + Order allow,deny + + +# Set the default printer/job policies... + + # Job/subscription privacy... + JobPrivateAccess default + JobPrivateValues default + SubscriptionPrivateAccess default + SubscriptionPrivateValues default + + # Job-related operations must be done by the owner or an administrator... + + Order deny,allow + + + + Require user @OWNER @SYSTEM + Order deny,allow + + + + AuthType Default + Require user @OWNER @SYSTEM + Order deny,allow + + + # All administration operations require an administrator to authenticate... + + AuthType Default + Require user @SYSTEM + Order deny,allow + + + # All printer operations require a printer operator to authenticate... + + AuthType Default + Require user @SYSTEM + Order deny,allow + + + # Only the owner or an administrator can cancel or authenticate a job... + + Require user @OWNER @SYSTEM + Order deny,allow + + + + AuthType Default + Require user @OWNER @SYSTEM + Order deny,allow + + + + Order deny,allow + + + +# Set the authenticated printer/job policies... + + # Job/subscription privacy... + JobPrivateAccess default + JobPrivateValues default + SubscriptionPrivateAccess default + SubscriptionPrivateValues default + + # Job-related operations must be done by the owner or an administrator... + + AuthType Default + Order deny,allow + + + + AuthType Default + Require user @OWNER @SYSTEM + Order deny,allow + + + # All administration operations require an administrator to authenticate... + + AuthType Default + Require user @SYSTEM + Order deny,allow + + + # All printer operations require a printer operator to authenticate... + + AuthType Default + Require user @SYSTEM + Order deny,allow + + + # Only the owner or an administrator can cancel or authenticate a job... + + AuthType Default + Require user @OWNER @SYSTEM + Order deny,allow + + + + Order deny,allow + + + +# Set the kerberized printer/job policies... + + # Job/subscription privacy... + JobPrivateAccess default + JobPrivateValues default + SubscriptionPrivateAccess default + SubscriptionPrivateValues default + + # Job-related operations must be done by the owner or an administrator... + + AuthType Negotiate + Order deny,allow + + + + AuthType Negotiate + Require user @OWNER @SYSTEM + Order deny,allow + + + # All administration operations require an administrator to authenticate... + + AuthType Default + Require user @SYSTEM + Order deny,allow + + + # All printer operations require a printer operator to authenticate... + + AuthType Default + Require user @SYSTEM + Order deny,allow + + + # Only the owner or an administrator can cancel or authenticate a job... + + AuthType Negotiate + Require user @OWNER @SYSTEM + Order deny,allow + + + + Order deny,allow + + diff --git a/scripts/99_deploy.sh b/scripts/99_deploy.sh index 4824936..833e72c 100644 --- a/scripts/99_deploy.sh +++ b/scripts/99_deploy.sh @@ -200,6 +200,12 @@ if [ ${operation} == "dots" ] ; then # ... # ---------- + file_path=/etc/cups + deploy_file "${dots_trg}/cups/*" "${file_path}/" no_chown + + #lpadmin -p Brother_HL-L2310D_series -D "Brother HL-L2310D_series" -E -v usb://Brother/HL-L2310D%20series?serial=E78096L7N181893 -m lsb/usr/cupsfilters/brother-HLL2310D-cups-en.ppd + + #lpadmin -p Brother_HL-L2310D_series -D "Brother HL-L2310D_series" -E -v usb://Brother/HL-L2310D%20series?serial=E78096L7N181893 -m lsb/usr/cupsfilters/brother-HLL2310D-cups-en.ppd #lpadmin -p Brother_QL-700 -D "Brother QL-700" -E -v usb://Brother/QL-700?serial=000L0Z530516 -m brother_ql700_printer_en.ppd