Beta ready zmb-cups

2024-11-07 19:31:58 +01:00 · 2023-11-27 21:49:00 +01:00 · 2023-11-27 21:49:00 +01:00 · 80ad64f422
commit 80ad64f422
parent 9fa103d8ae
2 changed files with 21 additions and 18 deletions
--- a/src/zmb-cups/constants-service.conf
+++ b/src/zmb-cups/constants-service.conf
@ -11,7 +11,7 @@
 LXC_TEMPLATE_VERSION="debian-12-standard"
 # Create sharefs mountpoint
-LXC_MP="0"
+LXC_MP="1"
 # Create unprivileged container
 LXC_UNPRIVILEGED="0"
@ -23,4 +23,4 @@ LXC_NESTING="1"
 LXC_MEM_MIN=1024
 # service dependent meta tags
-SERVICE_TAGS="samba,member,fileserver"
+SERVICE_TAGS="samba,member,cups,printserver"
--- a/src/zmb-cups/install-service.sh
+++ b/src/zmb-cups/install-service.sh
@ -19,7 +19,7 @@ mv /etc/krb5.conf /etc/krb5.conf.bak
 cat > /etc/krb5.conf <<EOF
 [libdefaults]
 	default_realm = $ZMB_REALM
-    ticket_lifetime = 600
+	ticket_lifetime = 600
 	dns_lookup_realm = true
 	dns_lookup_kdc = true
 	renew_lifetime = 7d
@ -37,12 +37,11 @@ cat > /etc/samba/smb.conf <<EOF
 	server string = %h server
 	vfs objects = acl_xattr shadow_copy2
-    map acl inherit = Yes
+	map acl inherit = Yes
-    store dos attributes = Yes
+	store dos attributes = Yes
 	idmap config *:backend = tdb
 	idmap config *:range = 3000000-4000000
 	idmap config *:schema_mode = rfc2307
 	username map = /etc/samba/user.map
 	winbind refresh tickets = Yes
 	winbind use default domain = Yes
@ -69,18 +68,19 @@ cat > /etc/samba/smb.conf <<EOF
 	shadow: format = -%Y-%m-%d-%H%M
 	shadow: snapprefix = ^zfs-auto-snap_\(frequent\)\{0,1\}\(hourly\)\{0,1\}\(daily\)\{0,1\}\(weekly\)\{0,1\}\(monthly\)\{0,1\}\(backup\)\{0,1\}\(manual\)\{0,1\}
 	shadow: delimiter = -20
 	printing = CUPS
 	rpcd_spoolss:idle_seconds=300
 	rpcd_spoolss:num_workers = 10
 	spoolss: architecture = Windows x64
 [printers]
-    path = /var/tmp/
+	path = /${LXC_SHAREFS_MOUNTPOINT}/spool
-    printable = yes
+	printable = yes
 [print$]
-	path = /var/lib/samba/printers
+	path = /${LXC_SHAREFS_MOUNTPOINT}/printerdrivers
-    read only = no
+	read only = no
 EOF
@ -93,14 +93,17 @@ echo -e "session optional        pam_mkhomedir.so skel=/etc/skel umask=077" >> /
 systemctl restart winbind nmbd
-chown -R ${ZMB_ADMIN_USER}:"domain admins" /var/lib/samba/printers
+mkdir -p /${LXC_SHAREFS_MOUNTPOINT}/{spool,printerdrivers}
-chmod -R 2775 /var/lib/samba/printers
+cp -rv /var/lib/samba/printers/* /${LXC_SHAREFS_MOUNTPOINT}/printerdrivers
-setfacl -Rb /var/lib/samba/printers
+chown -R root:"domain admins" /${LXC_SHAREFS_MOUNTPOINT}/printerdrivers
-setfacl -Rm u:${ZMB_ADMIN_USER}:rwx,g:"domain admins":rwx,g:"NT Authority/authenticated users":r--,g:"NT Authority/system":rwx,o::--- /var/lib/samba/printers
+chmod -R 1777 /${LXC_SHAREFS_MOUNTPOINT}/spool
-setfacl -Rdm u:${ZMB_ADMIN_USER}:rwx,g:"domain admins":rwx,g:"NT Authority/authenticated users":r--,g:"NT Authority/system":rwx,o::--- /var/lib/samba/printers
+chmod -R 2775 /${LXC_SHAREFS_MOUNTPOINT}/printerdrivers
-echo -e "${ZMB_ADMIN_PASS}" | net rpc rights grant "${ZMB_DOMAIN}\\Domain Admins" SePrintOperatorPrivilege -U "${ZMB_DOMAIN}\\${ZMB_ADMIN_USER}"
+setfacl -Rb /${LXC_SHAREFS_MOUNTPOINT}/printerdrivers
-echo -e "!root = ${ZMB_DOMAIN}\\administrator ${ZMB_DOMAIN}\\Administrator" > /etc/samba/user.map
+setfacl -Rm u:${ZMB_ADMIN_USER}:rwx,g:"domain admins":rwx,g:"NT Authority/authenticated users":r-x,o::--- /${LXC_SHAREFS_MOUNTPOINT}/printerdrivers
 setfacl -Rdm u:${ZMB_ADMIN_USER}:rwx,g:"domain admins":rwx,g:"NT Authority/authenticated users":r-x,o::--- /${LXC_SHAREFS_MOUNTPOINT}/printerdrivers
 echo -e "${ZMB_ADMIN_PASS}" | net rpc rights grant "${ZMB_DOMAIN}\\domain admins" SePrintOperatorPrivilege -U "${ZMB_DOMAIN}\\${ZMB_ADMIN_USER}"
 systemctl disable --now cups-browsed.service
 cupsctl --remote-admin
-systemctl restart cups smbd nmbd winbind wsdd
+systemctl restart cups smbd nmbd winbind wsdd