Skip to content

Instantly share code, notes, and snippets.

@v-yarotsky

v-yarotsky/README.md

Created March 25, 2025 20:10
Show Gist options
  • Save v-yarotsky/bfc45e3921cf55f8bbfbd41ab6f33258 to your computer and use it in GitHub Desktop.
Save v-yarotsky/bfc45e3921cf55f8bbfbd41ab6f33258 to your computer and use it in GitHub Desktop.
Download ZIP
Virtual Paperless-ngx printer on Raspberry Pi
Raw
README.md

What is this?

These are instructions to create a virtual "printer" for Paperless-ngx that runs on Raspberry Pi (I use Raspberry Pi Zero W). This way, you can "print" documents from your computer or phone, and they'll be submitted to your Paperless-ngx instance.

Instructions

Create a dedicated user in your Paperless-ngx instance on the Users & Groups page. It doesn't need too many permissions. image

On your Raspberry Pi, run the following:

sudo apt-get update
sudo apt-get install cups cups-filters cups-tea4cups avahi-daemon

Place cupsd.conf from this gist into /etc/cups/cupsd.conf. Place tea4cups.conf from this gist into /etc/cups/tea4cups.conf. Place upload-to-paperless.sh into /usr/local/bin/upload-to-paperless.sh. Update variables at the top of the script with your values. Make sure it's executable:

sudo chmod +x /usr/local/bin/upload-to-paperless.sh

Restart cups daemon

sudo systemctl restart cups

Create the virtual printer

sudo lpadmin -p Paperless -v tea4cups:// -E -m raw -o printer-is-shared=true

The printer should now become visible

image
Raw
cupsd.conf
#
# Configuration file for the CUPS scheduler. See "man cupsd.conf" for a
# complete description of this file.
#
# Log general information in error_log - change "warn" to "debug"
# for troubleshooting...
LogLevel warn
PageLogFormat
# Specifies the maximum size of the log files before they are rotated. The value "0" disables log rotation.
MaxLogSize 0
# Default error policy for printers
ErrorPolicy retry-job
# Only listen for connections from the local machine.
Port 631
Listen /run/cups/cups.sock
# Show shared printers on the local network.
Browsing Yes
BrowseLocalProtocols dnssd
# Default authentication type, when authentication is required...
DefaultAuthType Basic
# Web interface setting...
WebInterface Yes
# Timeout after cupsd exits if idle (applied only if cupsd runs on-demand - with -l)
IdleExitTimeout 60
# Restrict access to the server...
<Location />
Order allow,deny
Allow @LOCAL
</Location>
# Restrict access to the admin pages...
<Location /admin>
Order allow,deny
Allow @LOCAL
</Location>
# Restrict access to configuration files...
<Location /admin/conf>
AuthType Default
Require user @SYSTEM
Order allow,deny
</Location>
# Restrict access to log files...
<Location /admin/log>
AuthType Default
Require user @SYSTEM
Order allow,deny
</Location>
# Set the default printer/job policies...
<Policy default>
# Job/subscription privacy...
JobPrivateAccess default
JobPrivateValues default
SubscriptionPrivateAccess default
SubscriptionPrivateValues default
# Job-related operations must be done by the owner or an administrator...
<Limit Create-Job Print-Job Print-URI Validate-Job>
Order deny,allow
</Limit>
<Limit Send-Document Send-URI Hold-Job Release-Job Restart-Job Purge-Jobs Set-Job-Attributes Create-Job-Subscription Renew-Subscription Cancel-Subscription Get-Notifications Reprocess-Job Cancel-Current-Job Suspend-Current-Job Resume-Job Cancel-My-Jobs Close-Job CUPS-Move-Job>
Require user @OWNER @SYSTEM
Order deny,allow
</Limit>
<Limit CUPS-Get-Document>
AuthType Default
Require user @OWNER @SYSTEM
Order deny,allow
</Limit>
# All administration operations require an administrator to authenticate...
<Limit CUPS-Add-Modify-Printer CUPS-Delete-Printer CUPS-Add-Modify-Class CUPS-Delete-Class CUPS-Set-Default CUPS-Get-Devices>
AuthType Default
Require user @SYSTEM
Order deny,allow
</Limit>
# All printer operations require a printer operator to authenticate...
<Limit Pause-Printer Resume-Printer Enable-Printer Disable-Printer Pause-Printer-After-Current-Job Hold-New-Jobs Release-Held-New-Jobs Deactivate-Printer Activate-Printer Restart-Printer Shutdown-Printer Startup-Printer Promote-Job Schedule-Job-After Cancel-Jobs CUPS-Accept-Jobs CUPS-Reject-Jobs>
AuthType Default
Require user @SYSTEM
Order deny,allow
</Limit>
# Only the owner or an administrator can cancel or authenticate a job...
<Limit Cancel-Job CUPS-Authenticate-Job>
Require user @OWNER @SYSTEM
Order deny,allow
</Limit>
<Limit All>
Order deny,allow
</Limit>
</Policy>
# Set the authenticated printer/job policies...
<Policy authenticated>
# Job/subscription privacy...
JobPrivateAccess default
JobPrivateValues default
SubscriptionPrivateAccess default
SubscriptionPrivateValues default
# Job-related operations must be done by the owner or an administrator...
<Limit Create-Job Print-Job Print-URI Validate-Job>
AuthType Default
Order deny,allow
</Limit>
<Limit Send-Document Send-URI Hold-Job Release-Job Restart-Job Purge-Jobs Set-Job-Attributes Create-Job-Subscription Renew-Subscription Cancel-Subscription Get-Notifications Reprocess-Job Cancel-Current-Job Suspend-Current-Job Resume-Job Cancel-My-Jobs Close-Job CUPS-Move-Job CUPS-Get-Document>
AuthType Default
Require user @OWNER @SYSTEM
Order deny,allow
</Limit>
# All administration operations require an administrator to authenticate...
<Limit CUPS-Add-Modify-Printer CUPS-Delete-Printer CUPS-Add-Modify-Class CUPS-Delete-Class CUPS-Set-Default>
AuthType Default
Require user @SYSTEM
Order deny,allow
</Limit>
# All printer operations require a printer operator to authenticate...
<Limit Pause-Printer Resume-Printer Enable-Printer Disable-Printer Pause-Printer-After-Current-Job Hold-New-Jobs Release-Held-New-Jobs Deactivate-Printer Activate-Printer Restart-Printer Shutdown-Printer Startup-Printer Promote-Job Schedule-Job-After Cancel-Jobs CUPS-Accept-Jobs CUPS-Reject-Jobs>
AuthType Default
Require user @SYSTEM
Order deny,allow
</Limit>
# Only the owner or an administrator can cancel or authenticate a job...
<Limit Cancel-Job CUPS-Authenticate-Job>
AuthType Default
Require user @OWNER @SYSTEM
Order deny,allow
</Limit>
<Limit All>
Order deny,allow
</Limit>
</Policy>
# Set the kerberized printer/job policies...
<Policy kerberos>
# Job/subscription privacy...
JobPrivateAccess default
JobPrivateValues default
SubscriptionPrivateAccess default
SubscriptionPrivateValues default
# Job-related operations must be done by the owner or an administrator...
<Limit Create-Job Print-Job Print-URI Validate-Job>
AuthType Negotiate
Order deny,allow
</Limit>
<Limit Send-Document Send-URI Hold-Job Release-Job Restart-Job Purge-Jobs Set-Job-Attributes Create-Job-Subscription Renew-Subscription Cancel-Subscription Get-Notifications Reprocess-Job Cancel-Current-Job Suspend-Current-Job Resume-Job Cancel-My-Jobs Close-Job CUPS-Move-Job CUPS-Get-Document>
AuthType Negotiate
Require user @OWNER @SYSTEM
Order deny,allow
</Limit>
# All administration operations require an administrator to authenticate...
<Limit CUPS-Add-Modify-Printer CUPS-Delete-Printer CUPS-Add-Modify-Class CUPS-Delete-Class CUPS-Set-Default>
AuthType Default
Require user @SYSTEM
Order deny,allow
</Limit>
# All printer operations require a printer operator to authenticate...
<Limit Pause-Printer Resume-Printer Enable-Printer Disable-Printer Pause-Printer-After-Current-Job Hold-New-Jobs Release-Held-New-Jobs Deactivate-Printer Activate-Printer Restart-Printer Shutdown-Printer Startup-Printer Promote-Job Schedule-Job-After Cancel-Jobs CUPS-Accept-Jobs CUPS-Reject-Jobs>
AuthType Default
Require user @SYSTEM
Order deny,allow
</Limit>
# Only the owner or an administrator can cancel or authenticate a job...
<Limit Cancel-Job CUPS-Authenticate-Job>
AuthType Negotiate
Require user @OWNER @SYSTEM
Order deny,allow
</Limit>
<Limit All>
Order deny,allow
</Limit>
</Policy>
Raw
tea4cups.conf
[global]
debug : yes
[Paperless]
prehook_rawpdf : /usr/local/bin/upload-to-paperless.sh "$TEATITLE" "$TEADATAFILE"
Raw
upload-to-paperless.sh
#!/bin/bash
SERVER_URL="https://paperless.example.com" # Paperless-ngx instance URL
PAPERLESS_USERNAME="printer" # Paperless-ngx account created for use by this script
PAPERLESS_PASSWORD="<PASSWORD>" # Password for the aforementioned account
PAPERLESS_INBOX_TAG_ID="<ID>" # ID (not name!) of your inbox tag in Paperless-ngx.
# See https://docs.paperless-ngx.com/usage/#basic-searching for Best Practices
if [ "$#" -lt 2 ]; then
echo "Usage: $0 title file" >&2
exit 1
fi
TITLE=$1
INPUT_FILE_PATH="$2"
if [ -z "$INPUT_FILE_PATH" ] || [ ! -f "$INPUT_FILE_PATH" ]; then
echo "No file provided" >&2
exit 1
fi
conversion_output_file=$(mktemp)
upload_response_file=$(mktemp)
cleanup() {
rm -f "$conversion_output_file"
rm -f "$upload_response_file"
}
trap cleanup EXIT
OUTPUT_FILE_PATH="$conversion_output_file"
ps2pdf "$INPUT_FILE_PATH" "$OUTPUT_FILE_PATH"
RESPONSE=$(curl -s -o "${upload_response_file}" -w "%{http_code}" -X POST "${SERVER_URL}/api/documents/post_document/" \
-u "${PAPERLESS_USERNAME}:${PAPERLESS_PASSWORD}" \
-F "document=@${OUTPUT_FILE_PATH}" \
-F "title=${TITLE}" \
-F "tags=${PAPERLESS_INBOX_TAG_ID}")
if [ "$RESPONSE" -ne 200 ]; then
echo "FAILED: $(cat $upload_response_file)" >&2
exit 1
fi
echo "Upload successful" >&2
exit 0
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment