commit 35128eb6f81381da2a38094d6b3976c61d792489 · pyrox.dev/nixpkgs

+23

nixos/modules/services/printing/cupsd.nix

···

       108
       108
        
         containsGutenprint = pkgs: length (filterGutenprint pkgs) > 0;

     

       109
       109
        
         getGutenprint = pkgs: head (filterGutenprint pkgs);

     

       110
       110
        
       

     

       111
       111
       +
         parsePorts = addresses: let

     

       112
       112
       +
           splitAddress = addr: lib.strings.splitString ":" addr;

     

       113
       113
       +
           extractPort = addr: builtins.elemAt (builtins.tail (splitAddress addr)) 0;

     

       114
       114
       +
           toInt = str: lib.strings.toInt str;

     

       115
       115
       +
         in

     

       116
       116
       +
           builtins.map (address: toInt (extractPort address)) addresses;

     

       117
       117
       +
       

     

       111
       118
        
       in

     

       112
       119
        
       

     

       113
       120
        
       {

     
···

       169
       176
        
               apply = concatMapStringsSep "\n" (x: "Allow ${x}");

     

       170
       177
        
               description = lib.mdDoc ''

     

       171
       178
        
                 From which hosts to allow unconditional access.

     

       179
       179
       +
               '';

     

       180
       180
       +
             };

     

       181
       181
       +
       

     

       182
       182
       +
             openFirewall = mkOption {

     

       183
       183
       +
               type = types.bool;

     

       184
       184
       +
               default = false;

     

       185
       185
       +
               description = ''

     

       186
       186
       +
                 Whether to open the firewall for TCP/UDP ports specified in

     

       187
       187
       +
                 listenAdrresses option.

     

       172
       188
        
               '';

     

       173
       189
        
             };

     

       174
       190
        
       

     
···

       462
       478
        
             '';

     

       463
       479
        
       

     

       464
       480
        
           security.pam.services.cups = {};

     

       481
       481
       +
       

     

       482
       482
       +
           networking.firewall = let

     

       483
       483
       +
             listenPorts = parsePorts cfg.listenAddresses;

     

       484
       484
       +
           in mkIf cfg.openFirewall {

     

       485
       485
       +
             allowedTCPPorts = listenPorts;

     

       486
       486
       +
             allowedUDPPorts = listenPorts;

     

       487
       487
       +
           };

     

       465
       488
        
       

     

       466
       489
        
         };

     

       467
       490

+1 -1

nixos/tests/printing.nix

···

       19
       19
        
             startWhenNeeded = socket;

     

       20
       20
        
             listenAddresses = [ "*:631" ];

     

       21
       21
        
             defaultShared = true;

     

       22
       22
       +
             openFirewall = true;

     

       22
       23
        
             extraConf = ''

     

       23
       24
        
               <Location />

     

       24
       25
        
                 Order allow,deny

     
···

       26
       27
        
               </Location>

     

       27
       28
        
             '';

     

       28
       29
        
           };

     

       29
       29
       -
           networking.firewall.allowedTCPPorts = [ 631 ];

     

       30
       30
        
           # Add a HP Deskjet printer connected via USB to the server.

     

       31
       31
        
           hardware.printers.ensurePrinters = [{

     

       32
       32
        
             name = "DeskjetLocal";