diff options
| -rw-r--r-- | nixos/modules/module-list.nix | 1 | ||||
| -rw-r--r-- | nixos/modules/services/printing/ipp-usb.nix | 63 | ||||
| -rw-r--r-- | pkgs/os-specific/linux/ipp-usb/default.nix | 42 | ||||
| -rw-r--r-- | pkgs/top-level/all-packages.nix | 2 |
4 files changed, 108 insertions, 0 deletions
diff --git a/nixos/modules/module-list.nix b/nixos/modules/module-list.nix index a2d67afe1378..af6917ccab6f 100644 --- a/nixos/modules/module-list.nix +++ b/nixos/modules/module-list.nix @@ -1016,6 +1016,7 @@ ./services/networking/zerotierone.nix ./services/networking/znc/default.nix ./services/printing/cupsd.nix + ./services/printing/ipp-usb.nix ./services/scheduling/atd.nix ./services/scheduling/cron.nix ./services/scheduling/fcron.nix diff --git a/nixos/modules/services/printing/ipp-usb.nix b/nixos/modules/services/printing/ipp-usb.nix new file mode 100644 index 000000000000..0425eb913731 --- /dev/null +++ b/nixos/modules/services/printing/ipp-usb.nix @@ -0,0 +1,63 @@ +{ config, lib, pkgs, ... }: { + options = { + services.ipp-usb = { + enable = lib.mkEnableOption (lib.mdDoc "ipp-usb, a daemon to turn an USB printer/scanner supporting IPP everywhere (aka AirPrint, WSD, AirScan) into a locally accessible network printer/scanner"); + }; + }; + config = lib.mkIf config.services.ipp-usb.enable { + systemd.services.ipp-usb = { + description = "Daemon for IPP over USB printer support"; + after = [ "cups.service" "avahi-deamon.service" ]; + wants = [ "avahi-daemon.service" ]; + serviceConfig = { + ExecStart = [ "${pkgs.ipp-usb}/bin/ipp-usb" ]; + Type = "simple"; + Restart = "on-failure"; + StateDirectory = "ipp-usb"; + LogsDirectory = "ipp-usb"; + + # hardening. + ProtectHome = true; + PrivateTmp = true; + PrivateUsers = true; + ProtectControlGroups = true; + MemoryDenyWriteExecute = true; + # breaks the daemon, presumably because it messes with DeviceAllow + ProtectClock = false; + ProtectKernelTunables = true; + ProtectKernelLogs = true; + ProtectSystem = "strict"; + RestrictRealtime = true; + RestrictSUIDSGID = true; + SystemCallArchitectures = "native"; + PrivateMounts = true; + ProtectHostname = true; + ProtectKernelModules = true; + RemoveIPC = true; + RestrictNamespaces = true; + AmbientCapabilities = ""; + CapabilityBoundingSet = ""; + NoNewPrivileges = true; + RestrictAddressFamilies = [ "AF_UNIX" "AF_NETLINK" "AF_INET" "AF_INET6" ]; + ProtectProc = "noaccess"; + }; + }; + + # starts the systemd service + services.udev.packages = [ pkgs.ipp-usb ]; + services.avahi = { + enable = true; + publish = { + enable = true; + userServices = true; + }; + }; + # enable printing and scanning by default, but not required. + services.printing.enable = lib.mkDefault true; + hardware.sane.enable = lib.mkDefault true; + # so that sane discovers scanners + hardware.sane.extraBackends = [ pkgs.sane-airscan ]; + }; +} + + diff --git a/pkgs/os-specific/linux/ipp-usb/default.nix b/pkgs/os-specific/linux/ipp-usb/default.nix new file mode 100644 index 000000000000..0e79b89cfa34 --- /dev/null +++ b/pkgs/os-specific/linux/ipp-usb/default.nix @@ -0,0 +1,42 @@ +{ buildGoModule, avahi, libusb1, pkg-config, lib, fetchFromGitHub, ronn }: +buildGoModule rec { + pname = "ipp-usb"; + version = "0.9.23"; + + src = fetchFromGitHub { + owner = "openprinting"; + repo = "ipp-usb"; + rev = version; + sha256 = "sha256-sbPQWKqkTaD3kLNs0noVIzAN9cwDEaULsqO7SMQH2Jo="; + }; + + postPatch = '' + # rebuild with patched paths + rm ipp-usb.8 + substituteInPlace Makefile --replace "install: all" "install: man" + substituteInPlace systemd-udev/ipp-usb.service --replace "/sbin" "$out/bin" + for i in Makefile paths.go ipp-usb.8.md; do + substituteInPlace $i --replace "/usr" "$out" + substituteInPlace $i --replace "/var/ipp-usb" "/var/lib/ipp-usb" + done + ''; + + nativeBuildInputs = [ pkg-config ronn ]; + buildInputs = [ libusb1 avahi ]; + + vendorSha256 = "sha256-KwW6KgopjF4tVo8eB4OtpXF5R8jfrJ9nibNmaN8U4l8="; + + postInstall = '' + # to accomodate the makefile + cp $out/bin/ipp-usb . + make install DESTDIR=$out + ''; + + meta = { + description = "Daemon to use the IPP everywhere protocol with USB printers"; + homepage = "https://github.com/OpenPrinting/ipp-usb"; + maintainers = [ lib.maintainers.symphorien ]; + platforms = lib.platforms.linux; + license = lib.licenses.bsd2; + }; +} diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix index ee5b93764a9b..4b3b29a47330 100644 --- a/pkgs/top-level/all-packages.nix +++ b/pkgs/top-level/all-packages.nix @@ -3190,6 +3190,8 @@ with pkgs; ipgrep = callPackage ../tools/networking/ipgrep { }; + ipp-usb = callPackage ../os-specific/linux/ipp-usb { }; + itch = callPackage ../games/itch {}; itd = callPackage ../applications/misc/itd { }; |