nixos/profiles/printing.nix

   1 {
   2   pkgs,
   3   lib,
   4   config,
   5   ...
   6 }:
   7 {
   8   imports = [
   9     ./avahi.nix
  10   ];
  11   services.printing = {
  12     enable = true;
  13     drivers = [
  14       pkgs.canon-cups-ufr2
  15       pkgs.cups-filters
  16       pkgs.gutenprint
  17       pkgs.hplip
  18     ];
  19   };
  20   hardware.sane.enable = true;
  21   hardware.sane.extraBackends = [
  22     pkgs.hplipWithPlugin
  23     pkgs.sane-airscan
  24   ];
  25   services.colord.enable = true;
  26   # ExplanationNote: cups-browsed only supports avahi, not systemd-resolved
  27   services.avahi.enable = lib.mkDefault true;
  28   services.resolved.extraConfig = ''
  29     MulticastDNS=false
  30   '';
  31   networking.nftables.ruleset =
  32     ''
  33       table inet filter {
  34         chain output-lan {
  35           tcp dport { ipp, ipps } counter accept comment "printing: IPP"
  36           tcp dport sane-port counter accept comment "sane-net: control port"
  37           tcp dport {40000 - 40100} counter accept comment "saned: data ports"
  38         }
  39       }
  40     ''
  41     + lib.optionalString config.hardware.sane.openFirewall ''
  42       table inet filter {
  43         chain input-lan {
  44           udp canon-bjnp2 counter accept comment "sane: discovery of scanners on the local network"
  45         }
  46       }
  47     '';
  48 }