From 65f93413708a1aa6b43b573f5d8bebe50fc0f58c Mon Sep 17 00:00:00 2001 From: Nikolay Amiantov Date: Fri, 11 Nov 2016 03:49:02 +0300 Subject: sane service: add saned support --- nixos/modules/misc/ids.nix | 2 +- nixos/modules/services/hardware/sane.nix | 95 +++++++++++++++++++++++++++----- 2 files changed, 82 insertions(+), 15 deletions(-) (limited to 'nixos') diff --git a/nixos/modules/misc/ids.nix b/nixos/modules/misc/ids.nix index 80a9a520e24e..79f1e2097388 100644 --- a/nixos/modules/misc/ids.nix +++ b/nixos/modules/misc/ids.nix @@ -84,7 +84,7 @@ spamd = 56; #networkmanager = 57; # unused nslcd = 58; - #scanner = 59; # unused + scanner = 59; nginx = 60; chrony = 61; #systemd-journal = 62; # unused diff --git a/nixos/modules/services/hardware/sane.nix b/nixos/modules/services/hardware/sane.nix index a34037403123..e69209c560b5 100644 --- a/nixos/modules/services/hardware/sane.nix +++ b/nixos/modules/services/hardware/sane.nix @@ -7,9 +7,26 @@ let pkg = if config.hardware.sane.snapshot then pkgs.sane-backends-git else pkgs.sane-backends; - backends = [ pkg ] ++ config.hardware.sane.extraBackends; + + sanedConf = pkgs.writeTextFile { + name = "saned.conf"; + destination = "/etc/sane.d/saned.conf"; + text = '' + localhost + ${config.services.saned.extraConfig} + ''; + }; + + env = { + SANE_CONFIG_DIR = config.hardware.sane.configDir; + LD_LIBRARY_PATH = [ "${saneConfig}/lib/sane" ]; + }; + + backends = [ pkg ] ++ optional config.services.saned.enable sanedConf ++ config.hardware.sane.extraBackends; saneConfig = pkgs.mkSaneConfig { paths = backends; }; + enabled = config.hardware.sane.enable || config.services.saned.enable; + in { 
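Review bot: In the `sane.nix` hunk at `@@ -7,9 +7,26 @@`, the new `sanedConf` binding has no comment explaining that the generated `saned.conf` holds the hosts allowed to connect to the daemon. As written, `localhost` is the only entry unless `config.services.saned.extraConfig` contributes more, and that text is interpolated into the file as-is. A comment above the binding would make the default visible to the next maintainer, e.g. `# saned.conf lists the hosts allowed to connect; only localhost is allowed unless services.saned.extraConfig adds entries.`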
@@ -51,27 +68,77 @@ in hardware.sane.configDir = mkOption { type = types.string; + internal = true; description = "The value of SANE_CONFIG_DIR."; }; - }; - + services.saned.enable = mkOption { + type = types.bool; + default = false; + description = '' + Enable saned network daemon for remote connection to scanners. - ###### implementation + saned would be runned from scanner user; to allow + access to hardware that doesn't have scanner group + you should add needed groups to this user. + ''; + }; - config = mkIf config.hardware.sane.enable { + services.saned.extraConfig = mkOption { + type = types.lines; + default = ""; + example = "192.168.0.0/24"; + description = '' + Extra saned configuration lines. + ''; + }; - hardware.sane.configDir = mkDefault "${saneConfig}/etc/sane.d"; + }; - environment.systemPackages = backends; - environment.sessionVariables = { - SANE_CONFIG_DIR = config.hardware.sane.configDir; - LD_LIBRARY_PATH = [ "${saneConfig}/lib/sane" ]; - }; - services.udev.packages = backends; - users.extraGroups."scanner".gid = config.ids.gids.scanner; + ###### implementation - }; + config = mkMerge [ + (mkIf enabled { + hardware.sane.configDir = mkDefault "${saneConfig}/etc/sane.d"; + + environment.systemPackages = backends; + environment.sessionVariables = env; + services.udev.packages = backends; + + users.extraGroups."scanner".gid = config.ids.gids.scanner; + }) + + (mkIf config.services.saned.enable { + networking.firewall.connectionTrackingModules = [ "sane" ]; + + systemd.services."saned@" = { + description = "Scanner Service"; + environment = mapAttrs (name: val: toString val) env; + serviceConfig = { + User = "scanner"; + Group = "scanner"; + ExecStart = "${pkg}/bin/saned"; + }; + }; + + systemd.sockets.saned = { + description = "saned incoming socket"; + wantedBy = [ "sockets.target" ]; + listenStreams = [ "0.0.0.0:6566" "[::]:6566" ]; + socketConfig = { + # saned needs to distinguish between IPv4 and IPv6 to open matching data sockets. 
+ BindIPv6Only = "ipv6-only"; + Accept = true; + MaxConnections = 1; + }; + }; + + users.extraUsers."scanner" = { + uid = config.ids.uids.scanner; + group = "scanner"; + }; + }) + ]; } -- cgit 1.4.1
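Review bot: `systemd.sockets.saned` listens on `0.0.0.0:6566` and `[::]:6566`, i.e. on every interface, so access to the scanner is limited only by the host list in `saned.conf` (just `localhost` unless `services.saned.extraConfig` adds entries) and by whatever firewall is in place; the hunk loads the `sane` connection-tracking module but does not open the port. The `services.saned.enable` description should state this, for example by adding `The daemon listens on TCP port 6566 on all interfaces; allow clients via services.saned.extraConfig and open the port in the firewall yourself.` Separately, the `saned@` unit is a network-facing daemon with only `User` and `Group` set in `serviceConfig`; consider adding `NoNewPrivileges = true;`, `PrivateTmp = true;` and `ProtectHome = true;`, after checking that they do not interfere with access to the scanner devices.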