# NixOS module for ipp-usb: runs the IPP-over-USB daemon under a sandboxed
# systemd unit and wires up the avahi / cups / sane pieces it relies on.
{ config, lib, pkgs, ... }:

let
  inherit (lib) mkEnableOption mdDoc mkIf mkDefault;

  cfg = config.services.ipp-usb;

  # systemd sandboxing applied to the unit (see systemd.exec(5)).
  # ProtectClock is deliberately left off: the original author reports it
  # breaks the daemon, presumably because it interferes with DeviceAllow
  # (a closed device policy would cut the daemon off from its USB devices).
  hardening = {
    # filesystem / namespace isolation
    ProtectSystem = "strict";
    ProtectHome = true;
    PrivateTmp = true;
    PrivateMounts = true;
    PrivateUsers = true;
    ProtectProc = "noaccess";
    RestrictNamespaces = true;
    RemoveIPC = true;

    # kernel surface
    ProtectClock = false;
    ProtectKernelTunables = true;
    ProtectKernelLogs = true;
    ProtectKernelModules = true;
    ProtectControlGroups = true;
    ProtectHostname = true;
    SystemCallArchitectures = "native";

    # privilege and memory restrictions
    NoNewPrivileges = true;
    AmbientCapabilities = "";
    CapabilityBoundingSet = "";
    RestrictSUIDSGID = true;
    RestrictRealtime = true;
    MemoryDenyWriteExecute = true;

    # the daemon talks over local sockets and IPv4/IPv6 only
    RestrictAddressFamilies = [
      "AF_UNIX"
      "AF_NETLINK"
      "AF_INET"
      "AF_INET6"
    ];
  };
in
{
  options.services.ipp-usb.enable = mkEnableOption (mdDoc "ipp-usb, a daemon to turn an USB printer/scanner supporting IPP everywhere (aka AirPrint, WSD, AirScan) into a locally accessible network printer/scanner");

  config = mkIf cfg.enable {
    systemd.services.ipp-usb = {
      description = "Daemon for IPP over USB printer support";
      after = [ "cups.service" "avahi-daemon.service" ];
      wants = [ "avahi-daemon.service" ];

      serviceConfig = {
        ExecStart = [ "${pkgs.ipp-usb}/bin/ipp-usb" ];
        Type = "simple";
        Restart = "on-failure";
        # both directories are created and owned by systemd for the unit
        StateDirectory = "ipp-usb";
        LogsDirectory = "ipp-usb";
      } // hardening;
    };

    # the package's udev rules are what start the service.
    services.udev.packages = [ pkgs.ipp-usb ];

    # mDNS advertisement so that clients can discover the printer/scanner.
    services.avahi = {
      enable = true;
      publish = {
        enable = true;
        userServices = true;
      };
    };

    # printing and scanning are enabled by default; both remain overridable.
    services.printing.enable = mkDefault true;
    hardware.sane.enable = mkDefault true;
    # airscan backend so that sane discovers the exposed scanner.
    hardware.sane.extraBackends = [ pkgs.sane-airscan ];
  };
}