Conversation
Notices
-
Embed this notice
Quad (quad@akko.quad.moe)'s status on Thursday, 14-Sep-2023 17:07:22 JST Quad
Does anyone know if it's possible for CUPS to pull print jobs from another CUPS server in some fashion? -
Embed this notice
Haelwenn /элвэн/ :triskell: (lanodan@queer.hacktivis.me)'s status on Thursday, 14-Sep-2023 17:07:12 JST Haelwenn /элвэн/ :triskell:
@quad @benis @wolf480pl And you can't have the cups servers + printers be on a dedicated network that could be accessed from both? (And potentially not be able to reach outside, only incoming tcp) -
Embed this notice
Quad (quad@akko.quad.moe)'s status on Thursday, 14-Sep-2023 17:07:13 JST Quad
@wolf480pl @benis tbh i find the policy fine. It prevents human error from ever accidentally letting the guest network communicate with something internal that they shouldn't be able to. And usually it can be solved with something simple like "just buy a separate one for the guest network". However printers are the exception, we just plain can't afford to buy 50 new MFPs for the guest network and/or don't want to pay that much.
But it presents a number of technical difficulties since most things support either pull or push configurations, rarely both.
For example, anything that talks via MQTT pretty much automatically meets the requirement. -
Embed this notice
Wolf480pl (wolf480pl@mstdn.io)'s status on Thursday, 14-Sep-2023 17:07:14 JST Wolf480pl
@quad @benis if this was a technical problem I'd say "make internal network CUPS connect to the internet CUPS through a VPN" but the actual problem is circumventing a less-than-intelligent policy
-
Embed this notice
Wolf480pl (wolf480pl@mstdn.io)'s status on Thursday, 14-Sep-2023 17:07:15 JST Wolf480pl
@quad @benis
in cron:
ssh -R 2631:localhost:631 remoteprintserver sleep 120 -
Embed this notice
Quad (quad@akko.quad.moe)'s status on Thursday, 14-Sep-2023 17:07:16 JST Quad
@benis @wolf480pl "said" users are hundreds of people printing across like 50 different printers and plotters.
They are usually mad enough that they can't scan documents, and definitely that our current guest print solution sucks. In fact many customers are so desperate that they do buy their own A4 printer for their guest office rather than fiddling with our current junk of a guest print solution, and if they need to print something larger they run around physically with a USB stick containing PDFs.
The goal is sort of to make the printing experience "not quite shit" for the guests -
Embed this notice
Generational Wealth (benis@cawfee.club)'s status on Thursday, 14-Sep-2023 17:07:17 JST Generational Wealth
@quad @wolf480pl do said clients usually print in strange sizes, or can you just buy a dedicated cheap shit A4 printer -
Embed this notice
Quad (quad@akko.quad.moe)'s status on Thursday, 14-Sep-2023 17:07:18 JST Quad
@benis @wolf480pl Nah, we tried. Too hard to whiteliste.
The /actual/ goal of this project is to allow guests on our guest network (which is an entirely separate internet connection, public ip, etc) to "borrow" some of our printers on the internal network.
But opsec policy dictates no connection ever allowed from the guest network to an internal system (even via an intermediary). Therefore I need jobs to be "pushed" from the guest network and "pulled" to the internal network to comply with policy.
The problem with mailboxes is that we'd have to manually whitelist the countless guests that arrive every single day and want to print. Because we don't want some public address anyone can spam with crap to print.
Also print via E-mail tends to work bad if you want to do anything fancy, like say print in A0 -
Embed this notice
Generational Wealth (benis@cawfee.club)'s status on Thursday, 14-Sep-2023 17:07:19 JST Generational Wealth
@quad @wolf480pl my printer can be connected to an email address and print the PDF files sent to it, just an idea -
Embed this notice
Quad (quad@akko.quad.moe)'s status on Thursday, 14-Sep-2023 17:07:20 JST Quad
@wolf480pl hmm, bit of a bummer. I need a server on the internet that can store a print job, until a printer or another server behind NAT then pulls it and prints it -
Embed this notice
Wolf480pl (wolf480pl@mstdn.io)'s status on Thursday, 14-Sep-2023 17:07:21 JST Wolf480pl
@quad it's possible for CUPS to *push* print jobs to another CUPS but I din't think there's a way to pull
-
Embed this notice
Haelwenn /элвэн/ :triskell: (lanodan@queer.hacktivis.me)'s status on Thursday, 14-Sep-2023 17:11:57 JST Haelwenn /элвэн/ :triskell:
@quad @benis @wolf480pl (Or a cups server dedicated to guests acting as proxy that would be the only one able to push, so risk of say accessing private documents can't happen) -
Embed this notice
Quad (quad@akko.quad.moe)'s status on Thursday, 14-Sep-2023 17:17:18 JST Quad
@lanodan @benis @wolf480pl Again, without revealing too many details, I think there's around 25 sites with printers, and an about equal number of guest networks.
We need something that can accept a print job, keep it a while or bounce it until the thing that needs it grabs the print job.Haelwenn /элвэн/ :triskell: likes this. -
Embed this notice
Quad (quad@akko.quad.moe)'s status on Thursday, 14-Sep-2023 17:17:19 JST Quad
@lanodan @benis @wolf480pl Without revealing too many details, they already are.
You might not have seen my crap draw.io example but printers are spread across multiple networks (there's also multiple guest networks).
This solution needs to scale to work across a theoretically infinite number of guest networks, with a theoretically infinite number of printers across an infinite number of separate networks.
Some guests might also use their own internet connection rather than our standard guest network.
Hence why a proper push/pull model to/from the internet is pretty hard to get away from.
-
Embed this notice