# NixOS module: shares a CUPS print queue and a SANE scanner (saned) over the
# network, and adds nftables rules that accept both services in the
# `input-lan` chain.
#
# Exposure summary (as configured below):
#   - cupsd listens on every interface on port 631, with the web interface on
#     and `allowFrom = ["all"]`.
#   - saned's own access list is 0.0.0.0/0, i.e. every IPv4 source.
#   - The only network restriction visible in this file is the `input-lan`
#     chain, which is defined elsewhere.
#     NOTE(review): confirm that chain is reached only by LAN traffic.
{ pkgs, lib, config, ... }: {
  imports = [
    ../../nixos/profiles/printing.nix
    ../../nixos/profiles/hardware/HP_Deskjet_1510.nix
  ];

  services.printing = {
    # Bind on all addresses rather than loopback only; reachability is then
    # decided by the firewall, not by cupsd.
    listenAddresses = ["*:631"];
    defaultShared = true;
    # The web interface includes the administration pages; together with the
    # two settings below it is served to any client address that gets through
    # the firewall.
    webInterface = true;
    allowFrom = ["all"];
    # Also used below as the condition for the nftables IPP rule.
    # NOTE(review): this option additionally drives the stock
    # networking.firewall port opening where that module is active; confirm
    # 631 is not opened beyond `input-lan`.
    openFirewall = true;
    browsing = true;
    # DefaultEncryption IfRequested: TLS is used only when the client asks for
    # it, so authenticated requests (including web-interface logins) may be
    # sent in clear text on the LAN. `Required` is the stricter setting.
    # ServerAlias *: cupsd accepts any Host header. The CUPS documentation
    # warns that this wildcard enables browser-based DNS rebinding attacks;
    # listing the real host names instead keeps that check in place.
    extraConf = ''
      DefaultEncryption IfRequested
      ServerAlias *
    '';
  };

  # DebugNote: SANE_DEBUG_NET=128 SANE_NET_HOSTS=aubergine.local scanimage -L
  services.saned = {
    enable = true;
    # data_portrange pins saned's data connections to 40000-40100.
    # The `0.0.0.0/0` access-list entry matches every IPv4 address, so saned
    # itself rejects no client; access control rests entirely on the firewall.
    # NOTE(review): narrowing this to the LAN prefix would give a second
    # layer if the firewall rules change; the prefix is not visible here.
    extraConfig = ''
      data_portrange = 40000 - 40100
      0.0.0.0/0
    '';
  };

  # Currently an empty override: both debug environment variables are
  # commented out and can be re-enabled when troubleshooting the scanner.
  systemd.services."saned@" = {
    #environment.SANE_DEBUG_HPAIO = "128";
    #environment.SANE_DEBUG_NET = "128";
  };

  # Two optional fragments are concatenated into the ruleset:
  #   1. when printing.openFirewall is set, accept IPP in `input-lan`;
  #   2. when saned is enabled, attach the "sane" conntrack helper to the
  #      control connection in `prerouting` so data connections are tracked
  #      as related, then accept the control port and helper-matched traffic
  #      in `input-lan`.
  # The data port range 40000-40100 is not opened by an explicit port rule;
  # it is admitted through connection tracking only.
  # Both fragments assume `table inet filter` and the chains `input-lan` and
  # `prerouting` are declared elsewhere. TODO confirm.
  networking.nftables.ruleset = lib.optionalString config.services.printing.openFirewall ''
    table inet filter {
      chain input-lan {
        tcp dport ipp counter accept comment "cupsd: IPP"
      }
    }
  '' + lib.optionalString config.services.saned.enable ''
    table inet filter {
      ct helper conntrack-sane {
        type "sane" protocol tcp;
      }
      chain prerouting {
        # This will track saned's data port for `ct related`
        tcp dport sane-port counter ct helper set "conntrack-sane"
      }
      chain input-lan {
        tcp dport sane-port counter accept comment "saned: control port"
        # NoticeNote: not actually useful because there is a rule `ct related accept` before
        ct helper "sane" counter accept comment "saned: data ports"
      }
    }
  '';
}