Skynet Software Wiki:Setup Pi


Setting up a Raspberry Pi

  1. Insert a 16GB or larger MicroSD Card into your computer. If we got the card with the OS pre-installed, you still need to do the below, as SSH is disabled on it.
  2. Download and open the Raspberry Pi Imager software. (Latest version as of the last edit of this Wiki: 1.9.6)
    1. Raspberry Pi Device - Choose the correct Raspberry Pi Device from the drop down
    2. Operating System - If the Raspberry Pi is being used as a:
      • Clocking In / Dispatch device, choose "Raspberry Pi OS (64-bit)".
      • Print Server, choose "Raspberry Pi OS Lite (64-bit)" under 'Raspberry Pi OS (Other)'.
    3. Storage: ensure you choose the MicroSD Card to install to from the drop down list.
  3. Click 'NEXT'.
    1. The Imager should offer to 'use OS customisation' - click 'EDIT SETTINGS'. (if it doesn't, close the Imager software and try again)
    2. General Tab
      1. Tick 'Set hostname:' and input the hostname into the box.
      2. Tick 'Set username and password'.
      3. Set the Username as 'skynet'.
      4. Set a password and keep a note of it.
    3. If the Raspberry Pi will be connected to WiFi and you have the details:
      1. Tick 'Configure wireless LAN'.
      2. Enter the 'SSID'.
      3. Enter the 'Password'.
      4. Leave Wireless LAN country as 'GB'.
      5. Tick 'Set locale settings'.
    4. Services Tab
      1. Tick 'Enable SSH'.
      2. Click 'Use password authentication'.
  4. Click 'SAVE'.
  5. Click 'YES', then assuming you have the correct MicroSD Card selected, click 'YES' again.
  6. The Imager software will then download & install the Raspberry Pi OS to the MicroSD Card. This may take a few minutes.
  7. Once it's installed and you've had the notification that the MicroSD can be removed, do so and insert it into the Raspberry Pi.
  8. Plug the Raspberry Pi into its PSU and plug an Ethernet Cable into it.
  9. Search for the IP of the Raspberry Pi on the BT Router by clicking here and connect to it via SSH2
  10. Username: skynet, Password: as set above.
  11. Run the following commands:
    1. sudo su
    2. apt purge wolfram-engine scratch nuscratch sonic-pi idle3 smartsim java-common libreoffice* -y
    3. apt clean
    4. apt autoremove -y
    5. apt update -y
    6. apt full-upgrade -y
    7. apt dist-upgrade -y
    8. apt install xdotool unclutter sed ufw fail2ban cups -y
  12. Then run command 'raspi-config' - Only change the following options:
    1. 1 System Options
      1. S5 - Boot - If the Raspberry Pi is being used as a:
        • Print Server: Choose "B1 Console Text console"
        • Clocking In or Dispatch device: Choose "B2 Desktop Desktop GUI"
      2. S7 Splash Screen (ignore this if the Raspberry Pi is being used as a Print Server)
        1. Set to "No"
    2. 3 Interface Options
      1. I2, I3, I4, I5, I7 & I8
        1. Set all to "No"
      2. I6
        1. Set to "No" then "No" again
    3. 6 Advanced Options
      1. A1 Expand Filesystem
        1. Run this

The Raspberry Pi should then ask if you want to reboot - choose "Yes". If it doesn't, run command "shutdown -r now" and wait for it to reboot.

Securing SSH and setting up the UFW firewall

For further reference, see CUPS UFW Firewall page

  1. sudo su
  2. nano /etc/ssh/sshd_config
    • Add "AllowUsers skynet"
  3. Hold Ctrl and press X
  4. Press Y
  5. Press Enter
  6. systemctl restart ssh
  7. ufw allow from 198.244.212.88 proto tcp to any port 22,53,631,5353 (Skynet)
  8. ufw allow from 57.129.146.10 proto tcp to any port 22,53,631,5353 (Cyberdyne)
  9. ufw allow from 213.123.226.216 proto tcp to any port 22,53,631,5353 (Office)
  10. ufw allow from 192.168.0.0/16 proto tcp to any port 22,53,631,5353 (Local)
  11. ufw allow from <Customer's IP Address> proto tcp to any port 22,53,631,5353
  12. ufw limit ssh/tcp (This will block attackers who have connected more than 5 times in 30 seconds)
  13. ufw enable
  14. Press Y
  15. Press Enter
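
The rules above can be checked against what ufw reports once it is enabled. The following is an added example, not part of the original wiki: it lists every source that a `ufw status` listing lets reach a given TCP port. The listing is constructed, the function names are illustrative, and it shows that `ufw limit ssh/tcp`, given without a source, appears as a LIMIT rule from Anywhere alongside the per-address rules.

```bash
# Constructed `ufw status` output for the rules above (customer rule omitted).
sample_status() {
cat <<'EOF'
Status: active

To                         Action      From
--                         ------      ----
22,53,631,5353/tcp         ALLOW       198.244.212.88
22,53,631,5353/tcp         ALLOW       57.129.146.10
22,53,631,5353/tcp         ALLOW       213.123.226.216
22,53,631,5353/tcp         ALLOW       192.168.0.0/16
22/tcp                     LIMIT       Anywhere
22/tcp (v6)                LIMIT       Anywhere (v6)
EOF
}

# sources_for_port PORT: read `ufw status` text on stdin and print
# "ACTION SOURCE" for each ALLOW/LIMIT rule whose tcp port list has PORT.
sources_for_port() {
  awk -v port="$1" '
    /^[0-9]/ {
      n = split($1, part, "/")            # "22,53,631,5353/tcp" -> ports, proto
      if (n == 2 && part[2] != "tcp") next
      m = split(part[1], ports, ",")
      hit = 0
      for (i = 1; i <= m; i++) if (ports[i] == port) hit = 1
      if (!hit) next
      a = 2
      if ($a == "(v6)") a++               # IPv6 rows carry an extra column
      if ($a != "ALLOW" && $a != "LIMIT") next
      s = a + 1
      if ($s == "IN") s++                 # verbose status prints "ALLOW IN"
      print $a, $s
    }'
}

# open_to_anywhere PORT: exit 0 if any rule on stdin exposes PORT to Anywhere.
open_to_anywhere() {
  sources_for_port "$1" | grep -q ' Anywhere$'
}

echo "Sources allowed to reach 22/tcp:"
sample_status | sources_for_port 22
sample_status | open_to_anywhere 22 && echo "WARNING: 22/tcp is reachable from Anywhere"
```

On a configured Pi, pipe the real listing in instead: `ufw status | sources_for_port 22`.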

Setting up fail2ban for SSH

  1. cp /etc/fail2ban/jail.conf /etc/fail2ban/jail.local
  2. nano /etc/fail2ban/jail.local
  3. Find:
# "ignoreip" can be a list of IP addresses, CIDR masks or DNS hosts. Fail2ban
# will not ban a host which matches an address in this list. Several addresses
# can be defined using space (and/or comma) separator.
#ignoreip = 127.0.0.1/8 ::1
    1. Remove the '#' before #ignoreip
    2. Remove '127.0.0.1/8' - leave the '::1' at the end
    3. Add '198.244.212.88 57.129.146.10 213.123.226.216 lloydfam.damnserver.com 192.168.0.0/16' - leave the '::1' at the end
  4. Then find:
# "bantime" is the number of seconds that a host is banned.
bantime  = 10m
    1. Change 10m to 1y
  5. Then find:
# A host is banned if it has generated "maxretry" during the last "findtime"
# seconds.
findtime  = 10m
    1. Change 10m to 1y
  6. Then find:
# "maxretry" is the number of failures before a host get banned.
maxretry = 5
    1. Change 5 to 3
  7. ONLY do this if it's a NEW Raspberry Pi - Find:
# Note: if systemd backend is chosen as the default but you enable a jail
#       for which logs are present only in its own log files, specify some other
#       backend for that jail (e.g. polling) and provide empty value for
#       journalmatch. See https://github.com/fail2ban/fail2ban/issues/959#issuecomment-74901200
backend = auto
    1. Change auto to systemd
  8. Then find:
#
# JAILS
#

#
# SSH servers
#

[sshd]

# To use more aggressive sshd modes set filter parameter "mode" in jail.local:
# normal (default), ddos, extra or aggressive (combines all).
# See "tests/files/logs/sshd" or "filter.d/sshd.conf" for usage example and details.
#mode   = normal
port    = ssh
logpath = %(sshd_log)s
backend = %(sshd_backend)s

Add the following below it:

[ssh]
 enabled  = true
 port     = ssh
 filter   = sshd
 logpath  = /var/log/auth.log
 maxretry = 3
 bantime  = 1y
  1. Hold Ctrl and press X
  2. Press Y
  3. Press Enter

Fail2Ban must be restarted to load the new settings:

  1. service fail2ban restart
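
With a one-year ban and three retries, a missed edit (for example leaving 'ignoreip' commented out) can lock a trusted address out for a long time. The following is an added example, not part of the original wiki: it reads a jail.local and checks it against the values set in the steps above. The sample file is constructed and the function names are illustrative.

```bash
# Constructed jail.local excerpt with the edits from the steps above applied.
sample_jail_local() {
cat <<'EOF'
[DEFAULT]
# "ignoreip" can be a list of IP addresses, CIDR masks or DNS hosts.
ignoreip = 198.244.212.88 57.129.146.10 213.123.226.216 lloydfam.damnserver.com 192.168.0.0/16 ::1
bantime  = 1y
findtime  = 1y
maxretry = 3
[ssh]
 enabled  = true
 filter   = sshd
 maxretry = 3
 bantime  = 1y
EOF
}

# ini_get SECTION KEY: print the last uncommented value of KEY in [SECTION]
# from the INI text on stdin.
ini_get() {
  awk -v want="$1" -v key="$2" '
    /^[ \t]*[#;]/ { next }
    /^[ \t]*\[.*\][ \t]*$/ { gsub(/^[ \t]*\[|\][ \t]*$/, ""); sec = $0; next }
    sec == want && index($0, "=") {
      k = substr($0, 1, index($0, "=") - 1); v = substr($0, index($0, "=") + 1)
      gsub(/^[ \t]+|[ \t]+$/, "", k); gsub(/^[ \t]+|[ \t]+$/, "", v)
      if (k == key) val = v
    }
    END { if (val != "") print val }'
}

# check_jail: exit 0 only if the INI text on stdin carries the page's values.
check_jail() {
  conf=$(cat); rc=0
  for want in "DEFAULT bantime 1y" "DEFAULT findtime 1y" "DEFAULT maxretry 3" \
              "ssh enabled true" "ssh maxretry 3" "ssh bantime 1y"; do
    set -- $want
    got=$(printf '%s\n' "$conf" | ini_get "$1" "$2")
    [ "$got" = "$3" ] || { echo "MISMATCH [$1] $2: want $3, got '$got'"; rc=1; }
  done
  # A trusted address missing from ignoreip can be locked out for the full ban.
  ignore=$(printf '%s\n' "$conf" | ini_get DEFAULT ignoreip)
  for ip in 198.244.212.88 57.129.146.10 213.123.226.216 192.168.0.0/16; do
    case " $ignore " in *" $ip "*) ;; *) echo "MISSING ignoreip: $ip"; rc=1 ;; esac
  done
  return "$rc"
}

sample_jail_local | check_jail && echo "jail.local matches the documented values"
```

On the Pi, run it against the real file: `check_jail < /etc/fail2ban/jail.local`.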

Setup CUPS

  1. usermod -a -G lpadmin skynet
  2. cupsctl --remote-any
  3. https://{internal_ip}:631 - Note that it may take up to 5 minutes before it starts responding and shows the CUPS GUI.
  4. "Edit Configuration" and add this line to the bottom:
MaxJobs 0
  5. Find "<Location />" and "<Location /admin>" and replace the content inside both areas with (don't remove the closing "</Location>" line of either block):
Order allow,deny
Allow from localhost
Allow from 213.123.226.216
Allow from 198.244.212.88
Allow from 57.129.146.10
Allow from lloydfam.damnserver.com
Allow from 192.168.*
Allow from <Customers' IP Address>
  6. Further below find "<Location /admin/log>" and add the following below "Require user @SYSTEM" (don't remove the closing "</Location>" line):
Order allow,deny
Allow @LOCAL
Allow from localhost
Allow from 213.123.226.216
Allow from 198.244.212.88
Allow from 57.129.146.10
Allow from lloydfam.damnserver.com
Allow from 192.168.*
Allow from <Customers' IP Address>
  7. Click "Save Changes".
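
After saving, it is worth confirming that no <Location> block still admits every host. The following is an added example, not part of the original wiki: it lists the Allow rules per <Location> block of a cupsd.conf and reports any block open to all. The excerpt is constructed, the function names are illustrative, and it assumes `cupsctl --remote-any` leaves an "Allow all" line in "<Location />".

```bash
# Constructed cupsd.conf excerpt: "/" still as `cupsctl --remote-any` leaves it
# (assumed here to be "Allow all"), "/admin" already restricted as above.
sample_cupsd_conf() {
cat <<'EOF'
MaxJobs 0
<Location />
  Order allow,deny
  Allow all
</Location>
<Location /admin>
  Order allow,deny
  Allow from localhost
  Allow from 213.123.226.216
  Allow from 192.168.*
</Location>
EOF
}

# location_allows: print "PATH<TAB>SOURCE" for each Allow line inside a
# <Location> block of the cupsd.conf text on stdin.
location_allows() {
  awk '
    /^[ \t]*<Location[ \t]/ { loc = $2; sub(/>$/, "", loc); next }
    /^[ \t]*<\/Location>/   { loc = ""; next }
    loc != "" && tolower($1) == "allow" {
      src = (tolower($2) == "from") ? $3 : $2   # "Allow from X" or "Allow X"
      printf "%s\t%s\n", loc, src
    }'
}

# open_locations: print each path whose Allow list admits every host.
open_locations() {
  location_allows | awk -F '\t' 'tolower($2) == "all" { print $1 }' | sort -u
}

sample_cupsd_conf | location_allows
echo "Locations still open to all hosts: $(sample_cupsd_conf | open_locations)"
```

On the Pi, run it against the real file: `open_locations < /etc/cups/cupsd.conf`.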

Add label printer to CUPS on the Raspberry Pi - Zebra GK420d

USB

  1. https://{Raspberry Pi IP}:631 (change IP as required, user/pass is the skynet one)
  2. Click "Administration" then "Add Printer".
    1. Select "Zebra Technologies ZTC GK420d (Zebra Technologies ZTC GK420d)" from the "Local Printers" list then click "Continue".
    2. Change "Name" to something simple - e.g. customer01, Description/Location as required and tick "Share This Printer" then click "Continue".
    3. Model - Select "Zebra ZPL Label Printer (en)" then click "Add Printer".
  3. On Default Options:
    1. Media Size -> "4.00x6.00"
    2. Resolution -> "203dpi"
    3. "Set Default Options".

If you need to change the Default Options:
"Administration" -> "Manage Printers" -> click the printer -> "Administration" -> "Set Default Options"

Ethernet

  1. https://{Raspberry Pi IP}:631 (change IP as required, user/pass is the skynet one)
  2. Click "Administration" then "Add Printer".
    1. Select "AppSocket/HP JetDirect" from the "Other Network Printers:" list then click Continue.
    2. Put "socket://<IP Address of printer>" into the "Connection:" box then click "Continue".
    3. Change "Name" to something simple - e.g. customer01, Description/Location as required, tick "Share This Printer" then click "Continue".
    4. Make - Select "Zebra".
    5. Model - Select "Zebra ZPL Label Printer (en)" and click "Add Printer".
  3. On Default Options:
    1. Media Size -> "4.00x6.00"
    2. Resolution -> "203dpi"
    3. "Set Default Options".

If you need to change the Default Options:
"Administration" -> "Manage Printers" -> click the printer -> "Administration" -> "Set Default Options"

Add A4 printer to CUPS on the Raspberry Pi

Ethernet

  1. https://{Raspberry Pi IP}:631 (change IP as required, user/pass is the skynet one)
  2. Click "Administration" then "Add Printer".
    1. Find the printer in the "Discovered Network Printers" list then click Continue.
    2. Change "Name" to something simple - e.g. customer01, Description/Location as required, tick "Share This Printer" then click "Continue".
    3. Make should be pre-selected to the make of the printer.
    4. Model - The top option should be the correct one and match the make & model of the printer. If it also shows as "CUPS+Gutenprint vx.x.x (en)" that's the best one.
  3. On Default Options:
    1. Media Size -> "A4"
    2. Resolution -> "Automatic"
    3. 2-Sided Printing -> If the customer wants this on, set it as "Long Edge (Standard)" otherwise set it to "Off".
    4. "Set Default Options".

If you need to change the Default Options:
"Administration" -> "Manage Printers" -> click the printer -> "Administration" -> "Set Default Options"

File Change To Stop Right Side of Page Being Cut Off

  1. cd /etc/cups/ppd
  2. nano printer_name.ppd
  3. Find "*DefaultImageableArea: A4"
  4. Find "*ImageableArea A4/A4: "10.000 12.000 585.000 830.000"" a few lines down from the above line.
  5. Change the numbers to "18.000 20.000 593.000 838.000".
  6. Hold Ctrl and press X
  7. Press Y
  8. Press Enter

Customer Firewall Setup

Now make sure the following ports are forwarded to the printer from the external firewall (change as required) - if any of these are changed, you will need to change the above steps as well.

  1. 631, 53, 5353 for CUPS (TCP and UDP)
  2. 22 for ssh (TCP)

Add Printer to Skynet (Xenon)

Normal ZPL Driver

  1. http://xenon.genisys-systems.co.uk:631/
  2. "Administration" -> "Add Printer" -> "Internet Printing Protocol (ipp)"
  3. ipp://skynet:{password}@{customers_WAN_IP_address}:631/printers/{name}
  4. Name - Use our standard naming convention.
  5. Make - Select "Generic".
  6. Model - Select "Generic PDF Printer (en)".
  7. On Default Options:
    1. Resolution to 300 dpi
    2. Override A4 with Letter to "No"
    3. "Set Default Options"

If you need to change the Default Options:
"Administration" -> "Manage Printers" -> click the printer -> "Administration" -> "Set Default Options"

EPL Driver (for DPD/UPS)

  1. http://xenon.genisys-systems.co.uk:631/
  2. "Administration" -> "Add Printer" -> "Internet Printing Protocol (ipp)"
  3. ipp://skynet:{password}@{customers_WAN_IP_address}:631/printers/{name}
  4. Name - as above but with "_dpd" on the end of it.
  5. Make - Select "Raw".
  6. Model - Select "Raw Queue".

You will experience messages such as PPD errors, semi-colon errors etc. but this is normal for a RAW printer. No further setup is required.

After Testing

Once all of the above has been completed, you can test a print locally.

Setting up the Raspberry Pi as a Kiosk

  1. sudo nano /home/skynet/kiosk.sh
#!/bin/bash
export DISPLAY=:0
xset s noblank
xset s off
xset -dpms
unclutter -idle 0.5 -root &
sed -i 's/"exited_cleanly":false/"exited_cleanly":true/' /home/skynet/.config/chromium/Default/Preferences
sed -i 's/"exit_type":"Crashed"/"exit_type":"Normal"/' /home/skynet/.config/chromium/Default/Preferences
/usr/bin/chromium-browser --noerrdialogs --disable-infobars --kiosk http://{company}.genisys-systems.co.uk/tablet_scan.php &
  2. Hold Ctrl and press X
  3. Press Y
  4. Press Enter
  5. sudo nano /lib/systemd/system/kiosk.service
 [Unit]
 Description=Chromium Kiosk
 Wants=graphical.target
 After=graphical.target

 [Service]
 Environment=DISPLAY=:0.0
 Environment=XAUTHORITY=/home/skynet/.Xauthority
 Type=simple
 ExecStart=/bin/bash /home/skynet/kiosk.sh
 Restart=on-abort
 User=skynet
 Group=skynet

 [Install]
 WantedBy=graphical.target
  6. Hold Ctrl and press X
  7. Press Y
  8. Press Enter
  9. sudo systemctl enable kiosk.service
  10. sudo systemctl start kiosk.service
  11. sudo nano /home/skynet/.config/autostart/kiosk.desktop
[Desktop Entry]
Type=Application
Name=Kiosk
Exec=/home/skynet/kiosk.sh
X-GNOME-Autostart-enabled=true
  12. Hold Ctrl and press X
  13. Press Y
  14. Press Enter
  15. sudo chmod 755 /home/skynet/kiosk.sh
  16. sudo chown skynet:skynet /home/skynet/kiosk.sh

Debugging

Found by Ncroker:

This page has some cool debugging stuff: https://wiki.ubuntu.com/DebuggingPrintingProblems
It's for Ubuntu, but still seems to work on the Raspberry Pi.