# NixOS module: shares the locally attached printer/scanner over the network
# through CUPS (IPP) and saned, and adds the matching nftables rules.
#
# Security note: both daemons are configured below to accept clients from any
# address (`allowFrom = [ "all" ]`, `ServerAlias *`, `0.0.0.0/0`). The only
# source restriction visible in this file is that the accept rules live in the
# `input-lan` chain. How traffic reaches that chain is defined elsewhere;
# verify that it is only jumped to for LAN interfaces.
{ pkgs, lib, config, ... }:
let
  # Accepts IPP (tcp/631, the port cupsd listens on below) in `input-lan`.
  cupsRuleset = ''
    table inet filter {
      chain input-lan {
        tcp dport ipp counter accept comment "cupsd: IPP"
      }
    }
  '';

  # Accepts saned's control port in `input-lan` and attaches the "sane"
  # conntrack helper to it, so that the separate data connection (a port from
  # `data_portrange` below) is tracked as related to the control connection.
  # The data ports are not opened explicitly: per the in-ruleset note they are
  # let in by a `ct related accept` rule that is not part of this file.
  sanedRuleset = ''
    table inet filter {
      ct helper conntrack-sane {
        type "sane" protocol tcp;
      }
      chain prerouting {
        # This will track saned's data port for `ct related`
        tcp dport sane-port counter ct helper set "conntrack-sane"
      }
      chain input-lan {
        tcp dport sane-port counter accept comment "saned: control port"
        # NoticeNote: not actually useful because there is a rule `ct related accept` before
        ct helper "sane" counter accept comment "saned: data ports"
      }
    }
  '';
in
{
  imports = [
    ../../nixos/profiles/printing.nix
    ../../nixos/profiles/hardware/HP_Deskjet_1510.nix
  ];

  services = {
    printing = {
      # cupsd listens on every address, not only on the LAN interface.
      listenAddresses = [ "*:631" ];
      defaultShared = true;
      # The web interface is served on the same port as IPP.
      webInterface = true;
      # No host-based restriction at the CUPS level.
      allowFrom = [ "all" ];
      # Also used at the bottom of this file as the switch for the nftables IPP rule.
      openFirewall = true;
      browsing = true;
      # `ServerAlias *` makes cupsd accept any HTTP Host header. The CUPS
      # documentation warns that this wildcard exposes the scheduler to
      # browser-based DNS rebinding, even behind a firewall. Listing the
      # names that clients really use would keep the Host check in place.
      extraConf = ''
        ServerAlias *
      '';
    };

    # DebugNote: SANE_DEBUG_NET=128 SANE_NET_HOSTS=aubergine.local scanimage -L
    saned = {
      enable = true;
      # `data_portrange` pins the ports used for the data connection.
      # `0.0.0.0/0` is an access-list entry that matches every IPv4 client,
      # so saned itself filters nothing and relies on the packet filter.
      extraConfig = ''
        data_portrange = 40000 - 40100
        0.0.0.0/0
      '';
    };
  };

  # Placeholder kept for debugging: uncomment to raise the SANE backend verbosity.
  systemd.services."saned@" = {
    #environment.SANE_DEBUG_HPAIO = "128";
    #environment.SANE_DEBUG_NET = "128";
  };

  # Each fragment is only emitted when the corresponding service option is set.
  networking.nftables.ruleset =
    lib.optionalString config.services.printing.openFirewall cupsRuleset
    + lib.optionalString config.services.saned.enable sanedRuleset;
}