home-manager: update

[julm/julm-nix.git] / nixos / profiles / printing.nix

diff --git a/nixos/profiles/printing.nix b/nixos/profiles/printing.nix
index e997e6e0b67474d76a952a342fc96b51290a0702..2c014c1a31ec13a8db707f0df2732cd9061c16cb 100644 (file)
--- a/nixos/profiles/printing.nix
+++ b/nixos/profiles/printing.nix
@@ -1,14 +1,48 @@
-{ config, pkgs, lib, ... }:
 {
-services.printing = {
-  enable = true;
-  drivers = [
-    pkgs.gutenprint
-    pkgs.hplip
+  pkgs,
+  lib,
+  config,
+  ...
+}:
+{
+  imports = [
+    ./avahi.nix
+  ];
+  services.printing = {
+    enable = true;
+    drivers = [
+      pkgs.canon-cups-ufr2
+      pkgs.cups-filters
+      pkgs.gutenprint
+      pkgs.hplip
+    ];
+  };
+  hardware.sane.enable = true;
+  hardware.sane.extraBackends = [
+    pkgs.hplipWithPlugin
+    pkgs.sane-airscan
   ];
-};
-hardware.sane.enable = true;
-hardware.sane.extraBackends = [
-  pkgs.hplipWithPlugin
-];
+  services.colord.enable = true;
+  # ExplanationNote: cups-browsed only supports avahi, not systemd-resolved
+  services.avahi.enable = lib.mkDefault true;
+  services.resolved.extraConfig = ''
+    MulticastDNS=false
+  '';
+  networking.nftables.ruleset =
+    ''
+      table inet filter {
+        chain output-lan {
+          tcp dport { ipp, ipps } counter accept comment "printing: IPP"
+          tcp dport sane-port counter accept comment "sane-net: control port"
+          tcp dport {40000 - 40100} counter accept comment "saned: data ports"
+        }
+      }
+    ''
+    + lib.optionalString config.hardware.sane.openFirewall ''
+      table inet filter {
+        chain input-lan {
+          udp canon-bjnp2 counter accept comment "sane: discovery of scanners on the local network"
+        }
+      }
+    '';
 }