Difference between revisions of "Skynet Software Wiki:Setup Pi"

From Skynet Software Wiki
Jump to navigation Jump to search
m (→‎Setup CUPS: Add allow from customers IP address text.)
(Added how to add a printer via Ethernet, made some links unclickable, few other small changes.)
Line 33: Line 33:
  
 
= Securing SSH and setting up the UFW firewall =
 
= Securing SSH and setting up the UFW firewall =
For further reference, see https://www.cups.org/doc/firewalls.html
+
For further reference, see [https://www.cups.org/doc/firewalls.html CUPS UFW Firewall page]
 
#sudo nano /etc/ssh/sshd_config
 
#sudo nano /etc/ssh/sshd_config
 
#*Add "AllowUsers skynet"
 
#*Add "AllowUsers skynet"
Line 91: Line 91:
 
#sudo usermod -a -G lpadmin skynet
 
#sudo usermod -a -G lpadmin skynet
 
#sudo cupsctl --remote-any
 
#sudo cupsctl --remote-any
#https://{internal_ip}:631 -> "Edit Configuration" and add this line to the bottom:
+
#<nowiki>https://{internal_ip}:631</nowiki> -> "Edit Configuration" and add this line to the bottom:
 
  MaxJobs 0
 
  MaxJobs 0
 
#Location "Location /" and "Location /admin" and replace the content with:
 
#Location "Location /" and "Location /admin" and replace the content with:
Line 103: Line 103:
 
#Once saved, make sure "Allow printing from the internet" is ticked.
 
#Once saved, make sure "Allow printing from the internet" is ticked.
  
= Add printer to CUPS - Zebra GK420d (USB) =
+
= Add printer to CUPS - Zebra GK420d =
#https://{internal_ip}:631 (change IP as required, user/pass is the skynet one)
+
 
#Administration -> Add Printer
+
== USB ==
##Select "Zebra Technologies ZTC GK420d (Zebra Technologies ZTC GK420d)" from the "Local Printers" list and "Continue".
+
#<nowiki>https://{internal_ip}:631</nowiki> (change IP as required, user/pass is the skynet one)
##Change "Name" to something simple - e.g. customer01, Description/Location as required and tick "Share This Printer" -> "Continue".
+
#Click "Administration" then "Add Printer".
##Model - Select "Zebra ZPL Label Printer (en)" and "Add Printer"
+
##Select "Zebra Technologies ZTC GK420d (Zebra Technologies ZTC GK420d)" from the "Local Printers" list then click "Continue".
#Administration" -> "Manage Printers" -> click the new printer -> "Administration" -> "Set Default Options"
+
##Change "Name" to something simple - e.g. customer01, Description/Location as required and tick "Share This Printer" then click "Continue".
#*Media Size -> "4.00x6.00" -> "Set Default Options"
+
##Model - Select "Zebra ZPL Label Printer (en)" then click "Add Printer".
 +
#Administration" -> "Manage Printers" -> click the new printer -> "Administration" -> "Set Default Options".
 +
#*Media Size -> "4.00x6.00" -> "Set Default Options".
 +
 
 +
== Ethernet ==
 +
#<nowiki>https://{internal_ip}:631</nowiki> (change IP as required, user/pass is the skynet one)
 +
#Click "Administration" then "Add Printer".
 +
##Select "AppSocket/HP JetDirect" from the "Other Network Printers:" list then click Continue.
 +
##Put "socket://<IP Address of printer> into the "Connection:" box then click "Continue".
 +
##Change "Name" to something simple - e.g. customer01, Description/Location as required, tick "Share This Printer" then click "Continue".
 +
##Model - Select "Zebra ZPL Label Printer (en)" and click "Add Printer".
 +
#Administration" -> "Manage Printers" -> click the new printer -> "Administration" -> "Set Default Options".
 +
#*Media Size -> "4.00x6.00" -> "Set Default Options".
  
 
= Customer Firewall Setup =
 
= Customer Firewall Setup =
Line 119: Line 131:
 
= Add Printer to Spitfire (Recon) =
 
= Add Printer to Spitfire (Recon) =
 
Now add the printer via Recon:
 
Now add the printer via Recon:
#https://recon.spitfire-ams.co.uk:631/
+
#<nowiki>https://recon.spitfire-ams.co.uk:631/</nowiki>
 
#"Administration" -> "Add Printer" -> "Internet Printing Protocol (ipp)"
 
#"Administration" -> "Add Printer" -> "Internet Printing Protocol (ipp)"
 
#ipp://skynet:{password}@{public_ip_address}:631/printers/{name}
 
#ipp://skynet:{password}@{public_ip_address}:631/printers/{name}
Line 137: Line 149:
 
  sed -i 's/"exited_cleanly":false/"exited_cleanly":true/' /home/pi/.config/chromium/Default/Preferences
 
  sed -i 's/"exited_cleanly":false/"exited_cleanly":true/' /home/pi/.config/chromium/Default/Preferences
 
  sed -i 's/"exit_type":"Crashed"/"exit_type":"Normal"/' /home/pi/.config/chromium/Default/Preferences
 
  sed -i 's/"exit_type":"Crashed"/"exit_type":"Normal"/' /home/pi/.config/chromium/Default/Preferences
  /usr/bin/chromium-browser --noerrdialogs --disable-infobars --kiosk http://sams.spitfire-ams.co.uk/tablet_scan.php &
+
  /usr/bin/chromium-browser --noerrdialogs --disable-infobars --kiosk <nowiki>http://sams.spitfire-ams.co.uk/tablet_scan.php</nowiki> &
  
 
#sudo nano /lib/systemd/system/kiosk.service
 
#sudo nano /lib/systemd/system/kiosk.service

Revision as of 10:23, 27 May 2021

Setting up a Raspberry Pi

  1. Put the Pi together.
  2. Connect to WiFi / Cable.
  3. Select "Raspberry Pi OS Lite"
  4. user pi, password raspberry
  5. Note the IP address
  6. sudo apt-get purge wolfram-engine scratch scratch2 nuscratch sonic-pi idle3 -y
  7. sudo apt-get purge smartsim java-common minecraft-pi libreoffice* -y
  8. sudo apt-get clean
  9. sudo apt-get autoremove -y
  10. sudo apt-get update
  11. sudo apt-get upgrade
  12. sudo apt-get dist-upgrade
  13. sudo apt-get install xdotool unclutter sed
  14. passwd - and note the new password.
  15. sudo raspi-config
    1. Interface Options
      • P1, P3, P4, P5, P7, P8 - All "No".
      • P6 - Set to "No" then "No" again.
      • P2 - Set to "Yes"
    2. Localisation Options
      • Timezone - set to "Europe" then "London".
      • WLAN Country - set to "GB".
      • Locale - set to "en_GB.UTF-8"

Setting up a new internal user

  1. sudo adduser skynet - note the new password.
  2. It will ask for a Full Name - set this as "Spitfire Support" - for the other options just press Enter
  3. sudo usermod -a -G adm,dialout,cdrom,sudo,audio,video,plugdev,games,users,input,netdev,gpio,i2c,spi skynet
  4. "sudo su - skynet" - double check this works fine.
  5. Logout of SSH and re-login as skynet.
  6. sudo pkill -u pi

Securing SSH and setting up the UFW firewall

For further reference, see CUPS UFW Firewall page

  1. sudo nano /etc/ssh/sshd_config
    • Add "AllowUsers skynet"
  2. sudo systemctl restart ssh
  3. sudo apt install ufw
  4. sudo ufw allow ssh
  5. sudo ufw allow 631
  6. sudo ufw allow 5353
  7. sudo ufw allow 53
  8. sudo ufw enable
  9. sudo ufw limit ssh/tcp
  10. sudo ufw allow from 84.92.64.163 to any port 22 (Plusnet)
  11. sudo ufw allow from 212.140.134.122 to any port 22 (Lea House)
  12. sudo ufw allow from 217.182.136.107 to any port 22 (Recon)
  13. sudo ufw allow from 192.168.0.0/16 to any port 22
  14. sudo ufw allow from Customer's IP Address to any port 22
  15. sudo ufw allow from 84.92.64.163 to any port 631
  16. sudo ufw allow from 212.140.134.122 to any port 631
  17. sudo ufw allow from 217.182.136.107 to any port 631
  18. sudo ufw allow from 192.168.0.0/16 to any port 631
  19. sudo ufw allow from Customer's IP Address to any port 631
  20. sudo ufw allow from 84.92.64.163 to any port 5353
  21. sudo ufw allow from 212.140.134.122 to any port 5353
  22. sudo ufw allow from 217.182.136.107 to any port 5353
  23. sudo ufw allow from 192.168.0.0/16 to any port 5353
  24. sudo ufw allow from Customer's IP Address to any port 5353
  25. sudo ufw allow from 84.92.64.163 to any port 53
  26. sudo ufw allow from 212.140.134.122 to any port 53
  27. sudo ufw allow from 217.182.136.107 to any port 53
  28. sudo ufw allow from 192.168.0.0/16 to any port 53
  29. sudo ufw allow from Customer's IP Address to any port 53

Setting up fail2ban for SSH

  1. sudo apt install fail2ban -y
  2. sudo cp /etc/fail2ban/jail.conf /etc/fail2ban/jail.local
  3. sudo nano /etc/fail2ban/jail.local - and add the following:
[ssh]
enabled  = true
port     = ssh
filter   = sshd
logpath  = /var/log/auth.log
maxretry = 3
bantime  = -1

Make the Raspberry Pi Static

  1. sudo nano /etc/dhcpcd.conf
interface wlan0 (or eth0 if ethernet)
static ip_address=192.168.1.155/24 (or as required)
static routers=192.168.1.254 (or as required)
static domain_name_servers=192.168.1.254 (or as required)
  1. sudo nano /etc/hostname
    • Change the hostname to something - and keep track of it.

Setup CUPS

  1. sudo apt install cups
  2. sudo usermod -a -G lpadmin pi
  3. sudo usermod -a -G lpadmin skynet
  4. sudo cupsctl --remote-any
  5. https://{internal_ip}:631 -> "Edit Configuration" and add this line to the bottom:
MaxJobs 0
  1. Location "Location /" and "Location /admin" and replace the content with:
Order allow,deny
Allow from localhost
Allow from 84.92.64.163
Allow from 212.140.134.122
Allow from 217.182.136.107
Allow from 192.168.1.*
Allow from <Customers' IP Address>
  1. Once saved, make sure "Allow printing from the internet" is ticked.

Add printer to CUPS - Zebra GK420d

USB

  1. https://{internal_ip}:631 (change IP as required, user/pass is the skynet one)
  2. Click "Administration" then "Add Printer".
    1. Select "Zebra Technologies ZTC GK420d (Zebra Technologies ZTC GK420d)" from the "Local Printers" list then click "Continue".
    2. Change "Name" to something simple - e.g. customer01, Description/Location as required and tick "Share This Printer" then click "Continue".
    3. Model - Select "Zebra ZPL Label Printer (en)" then click "Add Printer".
  3. Administration" -> "Manage Printers" -> click the new printer -> "Administration" -> "Set Default Options".
    • Media Size -> "4.00x6.00" -> "Set Default Options".

Ethernet

  1. https://{internal_ip}:631 (change IP as required, user/pass is the skynet one)
  2. Click "Administration" then "Add Printer".
    1. Select "AppSocket/HP JetDirect" from the "Other Network Printers:" list then click Continue.
    2. Put "socket://<IP Address of printer> into the "Connection:" box then click "Continue".
    3. Change "Name" to something simple - e.g. customer01, Description/Location as required, tick "Share This Printer" then click "Continue".
    4. Model - Select "Zebra ZPL Label Printer (en)" and click "Add Printer".
  3. Administration" -> "Manage Printers" -> click the new printer -> "Administration" -> "Set Default Options".
    • Media Size -> "4.00x6.00" -> "Set Default Options".

Customer Firewall Setup

Now make sure the following ports are forwarded to the printer from the external firewall (change as required) - if any of these are changed, you will need to change the above steps as well.

  1. 631 for cups
  2. 22 for ssh

Add Printer to Spitfire (Recon)

Now add the printer via Recon:

  1. https://recon.spitfire-ams.co.uk:631/
  2. "Administration" -> "Add Printer" -> "Internet Printing Protocol (ipp)"
  3. ipp://skynet:{password}@{public_ip_address}:631/printers/{name}
  4. "Administration" -> "Manage Printers" -> click the new printer -> "Administration" -> "Set Default Options"
    1. Resolution to 300 dpi
    2. Override A4 with Letter to "No"
    3. "Set Default Options"

Setting up Pi as a Kiosk

  1. sudo nano /home/pi/kiosk.sh
#!/bin/bash
export DISPLAY=:0
xset s noblank
xset s off
xset -dpms
unclutter -idle 0.5 -root &
sed -i 's/"exited_cleanly":false/"exited_cleanly":true/' /home/pi/.config/chromium/Default/Preferences
sed -i 's/"exit_type":"Crashed"/"exit_type":"Normal"/' /home/pi/.config/chromium/Default/Preferences
/usr/bin/chromium-browser --noerrdialogs --disable-infobars --kiosk http://sams.spitfire-ams.co.uk/tablet_scan.php &
  1. sudo nano /lib/systemd/system/kiosk.service
[Unit]
Description=Chromium Kiosk
Wants=graphical.target
After=graphical.target
[Service]
Environment=DISPLAY=:0.0
Environment=XAUTHORITY=/home/pi/.Xauthority
Type=simple
ExecStart=/bin/bash /home/pi/kiosk.sh
Restart=on-abort
User=pi
Group=pi
[Install]
WantedBy=graphical.target
  1. sudo systemctl enable kiosk.service
  2. sudo systemctl start kiosk.service
  1. sudo nano /home/pi/.config/autostart/kiosk.desktop
[Desktop Entry]
Type=Application
Name=Kiosk
Exec=/home/pi/kiosk.sh
X-GNOME-Autostart-enabled=true
  1. sudo chmod 755 kiosk.sh
  2. sudo chown pi:pi kiosk.sh

After Testing

Once all of the above has been completed, you can test a print locally. Before sending it off to the customer, make sure to comment out the settings from "/etc/dhcpcd.conf" under "Make the Raspberry Pi Static" are commented out, as then it'll be easier to locate it on the customers network and repeat any firewall steps.