aubergine: anki-sync-server: enable

[julm/julm-nix.git] / hosts / aubergine / printing.nix

{
  pkgs,
  lib,
  config,
  ...
}:
{
  imports = [
    ../../nixos/profiles/printing.nix
    ../../nixos/profiles/hardware/HP_Deskjet_1510.nix
  ];
  services.printing = {
    listenAddresses = [ "*:631" ];
    defaultShared = true;
    webInterface = true;
    allowFrom = [ "all" ];
    openFirewall = true;
    browsing = true;
    extraConf = ''
      DefaultEncryption IfRequested
      ServerAlias *
    '';
  };
  # DebugNote: SANE_DEBUG_NET=128 SANE_NET_HOSTS=aubergine.local scanimage -L
  # DebugNote: SANE_DEBUG_NET=128 SANE_NET_HOSTS=aubergine.local scanimage --dev=net:aubergine.local:hpaio:/usb/Deskjet_1510_series?serial=CN53P2F1N105YR  --mode Color --resolution 100 --progress --format jpeg --compression JPEG  >out100.jpg
  services.saned = {
    enable = true;
    extraConfig = ''
      data_portrange = 40000 - 40100
      0.0.0.0/0
    '';
  };
  systemd.services."saned@" = {
    #environment.SANE_DEBUG_HPAIO = "128";
    #environment.SANE_DEBUG_NET   = "128";
  };
  networking.nftables.ruleset =
    lib.optionalString config.services.printing.openFirewall ''
      table inet filter {
        chain input-lan {
          tcp dport ipp counter accept comment "cupsd: IPP"
        }
      }
    ''
    + lib.optionalString config.services.saned.enable ''
      table inet filter {
        ct helper conntrack-sane {
          type "sane" protocol tcp;
        }
        chain prerouting {
          # This will track saned's data port for `ct related`
          tcp dport sane-port counter ct helper set "conntrack-sane"
        }
        chain input-lan {
          tcp dport sane-port counter accept comment "saned: control port"
          # NoticeNote: not actually useful because there is a rule `ct related accept` before
          ct helper "sane" counter accept comment "saned: data ports"
        }
      }
    '';
}