nixos/profiles/printing.nix

   1 {
   2   pkgs,
   3   lib,
   4   config,
   5   ...
   6 }:
   7 {
   8   imports = [
   9     ./avahi.nix
  10   ];
  11   services.printing = {
  12     enable = true;
  13     drivers = [
  14       pkgs.canon-cups-ufr2
  15       pkgs.cups-filters
  16       pkgs.gutenprint
  17       pkgs.hplip
  18     ];
  19   };
  20   hardware.sane.enable = true;
  21   hardware.sane.extraBackends = [
  22     pkgs.hplipWithPlugin
  23     pkgs.sane-airscan
  24   ];
  25   services.colord.enable = true;
  26   # ExplanationNote: cups-browsed only supports avahi, not systemd-resolved
  27   services.avahi.enable = lib.mkDefault true;
  28   services.resolved.extraConfig = ''
  29     MulticastDNS=false
  30   '';
  31   /*
  32     ToUse(nixos-26.05):
  33     services.resolved.settings = {
  34       Resolve.MulticastDNS = false;
  35     };
  36   */
  37   networking.nftables.ruleset = ''
  38     table inet filter {
  39       chain output-lan {
  40         tcp dport { ipp, ipps } counter accept comment "printing: IPP"
  41         tcp dport sane-port counter accept comment "sane-net: control port"
  42         tcp dport {40000 - 40100} counter accept comment "saned: data ports"
  43       }
  44     }
  45   ''
  46   + lib.optionalString config.hardware.sane.openFirewall ''
  47     table inet filter {
  48       chain input-lan {
  49         udp canon-bjnp2 counter accept comment "sane: discovery of scanners on the local network"
  50       }
  51     }
  52   '';
  53 }