aubergine: share printer and scanner over the network

[julm/julm-nix.git] / domains / sourcephile.fr / nebula.nix

diff --git a/domains/sourcephile.fr/nebula.nix b/domains/sourcephile.fr/nebula.nix
index abeeac98d6f0b1201c420840489460f94cccec58..5da79181e065c33ba8d43fbeeb09538e93bdf0db 100644 (file)
--- a/domains/sourcephile.fr/nebula.nix
+++ b/domains/sourcephile.fr/nebula.nix
@@ -105,7 +105,7 @@ in
         udp dport 60000-60100 counter accept comment "Mosh"
       }
       chain input {
-        iifname ${iface} jump input-${iface}
+        iifname ${iface} jump input-${iface} comment "MUST be before the address-based jumps to input-lan"
         iifname ${iface} log level warn prefix "input-${iface}: " counter drop
       }
       chain output {
@@ -113,6 +113,18 @@ in
         oifname ${iface} log level warn prefix "output-${iface}: " counter drop
       }
     }
+  '' + lib.optionalString config.services.printing.enable ''
+    table inet filter {
+      chain output-${iface} {
+        tcp dport { ipp, ipps } counter accept comment "printing: IPP"
+      }
+    }
+  '' + lib.optionalString config.hardware.sane.enable ''
+    table inet filter {
+      chain output-${iface} {
+        tcp dport sane-port counter accept comment "sane-net: SANE"
+      }
+    }
   '';
   networking.networkmanager.unmanaged = [ iface ];
   services.fail2ban.ignoreIP = [