source init

Makefile

@@ -0,0 +1,103 @@
+SHELL = /bin/sh
+.SUFFIXES:
+
+INSTALL = /usr/bin/install
+
+MNAME := octoprint
+MACHINES_DIR := /var/lib/machines
+MDIR := $(MACHINES_DIR)/$(MNAME)
+TDIR := $(MACHINES_DIR)/$(MNAME)-template
+DEVPTN := '/dev/ttyUSB*'
+
+OP = systemd-nspawn --machine=$(MNAME) --hostname=$(MNAME) --directory="$(MDIR)" --tmpfs=/run --tmpfs=/run/lock
+
+all:
+	@echo Nothing to do.
+	@echo run 'sudo make install'
+.PHONY: all
+
+/usr/bin/systemd-nspawn:
+	apt install -y systemd-container
+
+/etc/cron-apt/action.d /usr/sbin/cron-apt:
+	apt install -y cron-apt
+
+/etc/cron-apt/action.d/6-upgrade: /etc/cron-apt/action.d
+
+/etc/cron-apt/action.d/6-upgrade $(MDIR)/etc/cron-apt/action.d/6-upgrade: src/cron-apt-6-upgrade
+	$(INSTALL) -o root -g root -m 644 $< $@
+
+/usr/sbin/debootstrap:
+	apt install -y debootstrap
+	touch "$@"
+
+/etc/systemd/system/octoprint-container@.service: src/octoprint-container@.service
+	$(INSTALL) -o root -g root -m 0644 $< $@
+/etc/systemd/system/multi-user.target.wants/octoprint-container@.service: /etc/systemd/system/octoprint-container@.service
+	ln -fs $< $@
+
+$(MDIR): /usr/sbin/debootstrap
+	rm -rf "$@".tmp
+	debootstrap --include=systemd-container stable "$@".tmp
+	touch "$@".tmp
+	mv "$@".tmp "$@"
+
+$(MDIR)/usr/bin/pip3: $(MDIR)
+	$(OP) apt install -y python3-pip
+	touch "$@"
+$(MDIR)/usr/bin/ffmpeg: $(MDIR)
+	$(OP) apt install -y ffmpeg
+	touch "$@"
+$(MDIR)/usr/sbin/cron-apt: $(MDIR)
+	$(OP) apt install -y cron-apt
+	touch "$@"
+$(MDIR)/usr/bin/nullmailer-send: $(MDIR)
+	$(OP) apt install -y nullmailer
+	touch "$@"
+$(MDIR)/usr/local/bin/octoprint: $(MDIR)/usr/bin/pip3
+	$(OP) pip3 install octoprint
+	touch "$@"
+
+install_octoprint: $(MDIR) /usr/bin/systemd-nspawn $(addprefix $(MDIR),/usr/bin/pip3 /usr/bin/ffmpeg /usr/local/bin/octoprint)
+	$(OP) sh -c 'getent passwd octoprint >/dev/null || useradd -mrUd /var/lib/octoprint -G dialout octoprint'
+.PHONY: install_octoprint
+
+$(MDIR)/usr/local/libexec/octoprint-init: src/octoprint-init $(MDIR)/usr/local/libexec
+	$(INSTALL) -o root -g root -m 0755 $< $@
+$(MDIR)/etc/systemd/system/octoprint-init.service: src/octoprint-init.service $(MDIR)
+	$(INSTALL) -o root -g root -m 0755 $< $@
+$(MDIR)/etc/systemd/system/multi-user.target.wants/octoprint-init.service: $(MDIR)/etc/systemd/system/octoprint-init.service
+	ln -fs $< $@
+
+$(MDIR)/etc/systemd/system/octoprint.service: src/octoprint.service
+	$(INSTALL) -o root -g root -m 0644 $< $@
+
+TDIR_DIRS = $(addprefix $(TDIR),/dev /media /opt /etc /mnt /usr /usr/lib \
+	/local /home /srv /run /boot /tmp /root /var /var/backups /var/opt \
+	/var/lib /var/local /var/spool /var/spool/cron /var/spool/rsyslog \
+	/var/spool/mail /var/log /var/cache /var/tmp /var/mail /proc /sys)
+
+$(TDIR_DIRS): $(dir $@)
+	$(INSTALL) -o root -g root -m 0755 -d $@
+$(MDIR)/usr/local/libexec:
+	$(INSTALL) -o root -g root -m 0755 -d $@
+$(TDIR):
+	$(INSTALL) -o root -g root -m 0755 -d $@
+
+##### install*: #####
+
+install_system: /usr/bin/systemd-nspawn /usr/sbin/cron-apt /etc/cron-apt/action.d/6-upgrade
+.PHONY: install_system
+install_container: install_octoprint \
+	/etc/systemd/system/octoprint-container@.service \
+	$(MDIR)/usr/local/libexec/octoprint-init \
+	$(MDIR)/etc/systemd/system/octoprint-init.service \
+	$(MDIR)/etc/systemd/system/multi-user.target.wants/octoprint-init.service \
+	$(MDIR)/etc/systemd/system/octoprint.service \
+	$(MDIR)/etc/cron-apt/action.d/6-upgrade
+.PHONY: install_container
+install_template: $(TDIR_DIRS)
+.PHONY: install_template
+install: install_system install_container install_template
+	systemctl daemon-reload
+.PHONY: install

hexopi.sh

@@ -0,0 +1,203 @@
+#!/usr/bin/env sh
+#  SPDX-License-Identifier: GPL-3.0
+#  Denis Kanuf <https://denkn.at>
+
+die() {
+	>&2 printf '\e[1;31mdied: %s\e[0m\n' "$*"
+	exit 1
+}
+
+l() {
+	>&2 printf '\e[1m%s\e[0m\n' "$*"
+}
+
+d() {
+	>&2 printf '\e[1;34m# %s\e[0m\n' "$*"
+	"$@" || die "$*"
+}
+
+MNAME=octoprint
+MDIR=/var/lib/machines/$MNAME
+TDIR=/var/lib/machines/$MNAME-template
+DEVPTN='/dev/ttyUSB*'
+LICENSE="$(cat <<EOF
+#  SPDX-License-Identifier: GPL-3.0
+#  Denis Knauf <https://denkn.at>
+EOF
+)"
+
+alias OP='d systemd-nspawn --machine=$MNAME --hostname=$MNAME --directory="$MDIR" --tmpfs=/run --tmpfs=/run/lock'
+
+t_mkdir() {
+	for d
+	do
+		d install -d "$TDIR/$d"
+	done
+}
+
+###############################################################################
+
+ho_install() {
+d apt install -y systemd-container debootstrap cron-apt dnsmasq
+
+d dd of=/etc/cron-apt/action.d/6-upgrade <<EOF
+safe-upgrade -y
+EOF
+
+if [ -d "$MDIR" ]
+then
+	l skipping debootstrap
+else
+	d rm -rf "$MDIR".tmp
+	d debootstrap --include=systemd-container stable "$MDIR".tmp
+	d mv "$MDIR".tmp "$MDIR"
+fi
+
+OP apt update
+OP apt dist-upgrade -y
+OP apt install -y nullmailer python3-pip cron-apt ffmpeg
+OP pip3 install octoprint
+OP sh -c 'getent passwd octoprint || useradd -mrUd /var/lib/octoprint -G dialout octoprint'
+
+d install -o root -g root -m 0755 "$0" /usr/local/sbin/hexapi
+d install -o root -g root -m 0755 "$0" "$MDIR"/usr/local/sbin/hexapi
+
+d dd of="$MDIR"/etc/cron-apt/action.d/6-upgrade <<EOF
+safe-upgrade -y
+EOF
+
+d dd of=/etc/systemd/system/octoprint-container@.service <<EOF
+${LICENSE}
+#  Based on systemd-nspawn@.service
+
+[Unit]
+Description=OctoPrint Container for %i
+Documentation=man:systemd-nspawn(1)
+PartOf=machines.target
+Before=machines.target
+After=network.target systemd-resolved.service
+RequiresMountsFor=/var/lib/machines
+BindTo=dev-%i.device
+
+[Service]
+ExecStart=/usr/bin/systemd-nspawn --quiet --keep-unit --boot --link-journal=try-guest \
+	--settings=override \
+	--directory=/var/lib/machines/octoprint@ttyUSB0 --template=/var/lib/machines/octoprint-template \
+	--overlay=/var/lib/machines/octoprint/etc:/var/lib/machines/octoprint@%i/etc:/etc \
+	--bind-ro=/var/lib/machines/octoprint/usr:/usr --bind=/dev/%i --machine=%i --hostname=%i
+KillMode=mixed
+Type=notify
+RestartForceExitStatus=133
+SuccessExitStatus=133
+WatchdogSec=3min
+Slice=machine.slice
+Delegate=yes
+TasksMax=16384
+
+# Enforce a strict device policy, similar to the one nspawn configures when it
+# allocates its own scope unit. Make sure to keep these policies in sync if you
+# change them!
+DevicePolicy=closed
+DeviceAllow=/dev/net/tun rwm
+DeviceAllow=char-pts rw
+
+# nspawn itself needs access to /dev/loop-control and /dev/loop, to implement
+# the --image= option. Add these here, too.
+DeviceAllow=/dev/loop-control rw
+DeviceAllow=block-loop rw
+DeviceAllow=block-blkext rw
+
+# nspawn can set up LUKS encrypted loopback files, in which case it needs
+# access to /dev/mapper/control and the block devices /dev/mapper/*.
+DeviceAllow=/dev/mapper/control rw
+DeviceAllow=block-device-mapper rw
+
+# octoprint needs access to serial-interfaces.
+DeviceAllow=/dev/%i rw
+DeviceAllow=char-ttyUSB rw
+
+[Install]
+WantedBy=machines.target
+EOF
+
+d dd of="/etc/udev/rules.d/50-octoprint-container.rules" <<EOF
+SUBSYSTEMS=="usb", KERNEL=="ttyUSB*", ACTION=="add", TAG+="systemd", ENV{SYSTEMD_WANTS}+="octoprint-container@%k.service" ENV{SYSTEMD_ALIAS}+="/dev/%k"
+EOF
+
+d dd of="$MDIR"/etc/systemd/system/octoprint-init.service <<EOF
+${LICENSE}
+[Unit]
+Description=Initialize Octoprint 3d-printer web interface
+Before=octoprint.service
+[Service]
+Type=oneshot
+ExecStart=/usr/local/sbin/hexapi install_env
+[Install]
+WantedBy=multi-user.target
+EOF
+
+d ln -fs ../octoprint-init.service "$MDIR"/etc/systemd/system/multi-user.target.wants/octoprint-init.service
+
+d dd of="$MDIR"/etc/systemd/system/octoprint.service <<EOF
+${LICENSE}
+[Unit]
+Description=OctoPrint 3D-printer web interface
+After=octoprint-init.service
+[Service]
+EnvironmentFile=/local/env
+EnvironmentFile=-/env
+ExecStart=/usr/local/bin/octoprint serve --host=\${OCTOPRINT_HOST} --port=\${OCTOPRINT_PORT}
+User=octoprint
+Group=octoprint
+[Install]
+WantedBy=multi-user.target
+EOF
+
+t_mkdir /dev /media /opt /etc /mnt /usr /usr/lib /local /home /srv /run /boot /tmp /root /var \
+	/var/backups /var/opt /var/lib /var/local /var/spool /var/spool/cron /var/spool/rsyslog \
+	/var/spool/mail /var/log /var/cache /var/tmp /var/mail /proc /sys
+
+d systemctl daemon-reload
+}
+
+###############################################################################
+
+ho_list() {
+for f in $DEVPTN
+do
+	echo "found: $f"
+done
+}
+
+###############################################################################
+
+ho_environment() {
+device=$(hostname)
+if [ "$device" = "${device#ttyUSB}" ]
+then
+	>&2  echo "not a container for running octoprint - no device"
+	exit 0
+elif [ -e "/dev/$device" ]
+then
+	> /local/env  echo OCTOPRINT_HOST=0.0.0.0
+	>>/local/env  echo OCTOPRINT_PORT=$((2000+${device#*USB}))
+	install -o octoprint -g octoprint -m 700 -d /var/lib/octoprint
+	/usr/bin/systemctl enable --no-block --now octoprint.service
+	/usr/bin/systemctl disable octoprint-init.service
+else
+	>&2  echo "Device not found: $device"
+	exit 1
+fi
+}
+
+###############################################################################
+
+case "$1" in
+install) ho_install ;;
+list) ho_list ;;
+install_env) ho_environment ;;
+*)
+	>&2 echo "Usage: $0 install"
+	exit 1
+	;;
+esac

src/50-octoprint-container.rules

@@ -0,0 +1 @@
+SUBSYSTEMS=="usb", KERNEL=="ttyUSB*", ACTION=="add", TAG+="systemd", ENV{SYSTEMD_WANTS}+="octoprint-container@%k.service" ENV{SYSTEMD_ALIAS}+="/dev/%k"

src/cron-apt-6-upgrade

@@ -0,0 +1 @@
+safe-upgrade -y

src/octoprint-container@.service

@@ -0,0 +1,52 @@
+#  SPDX-License-Identifier: GPL-3.0
+#  Denis Kanuf <https://denkn.at>
+#  Based on systemd-nspawn@.service
+
+[Unit]
+Description=OctoPrint Container for %i
+Documentation=man:systemd-nspawn(1)
+PartOf=machines.target
+Before=machines.target
+After=network.target systemd-resolved.service
+RequiresMountsFor=/var/lib/machines
+BindTo=dev-%i.device
+
+[Service]
+ExecStart=/usr/bin/systemd-nspawn --quiet --keep-unit --boot --link-journal=try-guest \
+	--settings=override \
+	--directory=/var/lib/machines/octoprint@ttyUSB0 --template=/var/lib/machines/octoprint-template \
+	--overlay=/var/lib/machines/octoprint/etc:/var/lib/machines/octoprint@%i/etc:/etc \
+	--bind-ro=/var/lib/machines/octoprint/usr:/usr --bind=/dev/%i --machine=%i --hostname=%i
+KillMode=mixed
+Type=notify
+RestartForceExitStatus=133
+SuccessExitStatus=133
+WatchdogSec=3min
+Slice=machine.slice
+Delegate=yes
+TasksMax=16384
+
+# Enforce a strict device policy, similar to the one nspawn configures when it
+# allocates its own scope unit. Make sure to keep these policies in sync if you
+# change them!
+DevicePolicy=closed
+DeviceAllow=/dev/net/tun rwm
+DeviceAllow=char-pts rw
+
+# nspawn itself needs access to /dev/loop-control and /dev/loop, to implement
+# the --image= option. Add these here, too.
+DeviceAllow=/dev/loop-control rw
+DeviceAllow=block-loop rw
+DeviceAllow=block-blkext rw
+
+# nspawn can set up LUKS encrypted loopback files, in which case it needs
+# access to /dev/mapper/control and the block devices /dev/mapper/*.
+DeviceAllow=/dev/mapper/control rw
+DeviceAllow=block-device-mapper rw
+
+# octoprint needs access to serial-interfaces.
+DeviceAllow=/dev/%i rw
+DeviceAllow=char-ttyUSB rw
+
+[Install]
+WantedBy=machines.target

src/octoprint-init

@@ -0,0 +1,23 @@
+#!/usr/bin/env sh
+#  SPDX-License-Identifier: GPL-3.0
+#  Denis Kanuf <https://denkn.at>
+
+device=$(hostname)
+
+if [ "$device" = "${device#ttyUSB}" ]
+then
+	>&2  echo "not a container for running octoprint - no device"
+	exit 0
+
+elif [ -e "/dev/$device" ]
+then
+	> /local/env  echo OCTOPRINT_HOST=0.0.0.0
+	>>/local/env  echo OCTOPRINT_PORT=$((2000+${device#*USB}))
+	install -o octoprint -g octoprint -m 700 -d /var/lib/octoprint
+	/usr/bin/systemctl enable --no-block --now octoprint.service
+	/usr/bin/systemctl disable octoprint-init.service
+
+else
+	>&2  echo "Device not found: $device"
+	exit 1
+fi

src/octoprint-init.service

@@ -0,0 +1,13 @@
+#  SPDX-License-Identifier: GPL-3.0
+#  Denis Kanuf <https://denkn.at>
+
+[Unit]
+Description=Initialize Octoprint 3d-printer web interface
+Before=octoprint.service
+
+[Service]
+Type=oneshot
+ExecStart=/usr/local/libexec/octoprint-init
+
+[Install]
+WantedBy=multi-user.target

src/octoprint.service

@@ -0,0 +1,16 @@
+#  SPDX-License-Identifier: GPL-3.0
+#  Denis Kanuf <https://denkn.at>
+
+[Unit]
+Description=OctoPrint 3D-printer web interface
+After=octoprint-init.service
+
+[Service]
+EnvironmentFile=/local/env
+EnvironmentFile=-/env
+ExecStart=/usr/local/bin/octoprint serve --host=${OCTOPRINT_HOST} --port=${OCTOPRINT_PORT}
+User=octoprint
+Group=octoprint
+
+[Install]
+WantedBy=multi-user.target