2014-04-14 14:26:48 +00:00
|
|
|
{ config, lib, pkgs, ... }:
|
2009-03-06 12:26:46 +00:00
|
|
|
|
2014-04-14 14:26:48 +00:00
|
|
|
with lib;
|
2007-04-02 17:31:58 +00:00
|
|
|
|
|
|
|
let
|
|
|
|
|
2023-12-16 19:50:08 +00:00
|
|
|
inherit (pkgs) cups-pk-helper cups-filters xdg-utils;
|
2008-11-07 13:37:28 +00:00
|
|
|
|
2009-08-27 23:16:09 +00:00
|
|
|
cfg = config.services.printing;
|
2023-12-16 19:50:08 +00:00
|
|
|
cups = cfg.package;
|
2008-11-07 13:37:28 +00:00
|
|
|
|
2016-01-17 00:34:39 +00:00
|
|
|
avahiEnabled = config.services.avahi.enable;
|
|
|
|
polkitEnabled = config.security.polkit.enable;
|
|
|
|
|
2018-11-08 10:59:03 +00:00
|
|
|
additionalBackends = pkgs.runCommand "additional-cups-backends" {
|
|
|
|
preferLocalBuild = true;
|
|
|
|
} ''
|
2012-05-25 15:51:33 +00:00
|
|
|
mkdir -p $out
|
2016-01-24 07:29:02 +00:00
|
|
|
if [ ! -e ${cups.out}/lib/cups/backend/smb ]; then
|
2012-05-25 15:51:33 +00:00
|
|
|
mkdir -p $out/lib/cups/backend
|
2010-12-15 22:36:39 +00:00
|
|
|
ln -sv ${pkgs.samba}/bin/smbspool $out/lib/cups/backend/smb
|
2010-04-25 18:27:00 +00:00
|
|
|
fi
|
2010-04-19 10:54:39 +00:00
|
|
|
|
|
|
|
# Provide support for printing via HTTPS.
|
2016-01-24 07:29:02 +00:00
|
|
|
if [ ! -e ${cups.out}/lib/cups/backend/https ]; then
|
2012-05-25 15:51:33 +00:00
|
|
|
mkdir -p $out/lib/cups/backend
|
2016-01-24 07:29:02 +00:00
|
|
|
ln -sv ${cups.out}/lib/cups/backend/ipp $out/lib/cups/backend/https
|
2010-04-25 18:27:00 +00:00
|
|
|
fi
|
2010-04-19 10:54:39 +00:00
|
|
|
'';
|
|
|
|
|
2008-11-07 13:37:28 +00:00
|
|
|
# Here we can enable additional backends, filters, etc. that are not
|
|
|
|
# part of CUPS itself, e.g. the SMB backend is part of Samba. Since
|
2016-01-24 07:29:02 +00:00
|
|
|
# we can't update ${cups.out}/lib/cups itself, we create a symlink tree
|
2008-11-07 13:37:28 +00:00
|
|
|
# here and add the additional programs. The ServerBin directive in
|
2019-10-23 16:57:01 +00:00
|
|
|
# cups-files.conf tells cupsd to use this tree.
|
2010-04-15 15:47:07 +00:00
|
|
|
bindir = pkgs.buildEnv {
|
|
|
|
name = "cups-progs";
|
2016-01-17 00:38:52 +00:00
|
|
|
paths =
|
2016-08-25 15:48:35 +00:00
|
|
|
[ cups.out additionalBackends cups-filters pkgs.ghostscript ]
|
2016-01-17 00:38:52 +00:00
|
|
|
++ cfg.drivers;
|
2017-07-02 02:47:14 +00:00
|
|
|
pathsToLink = [ "/lib" "/share/cups" "/bin" ];
|
2010-04-25 18:27:00 +00:00
|
|
|
postBuild = cfg.bindirCmds;
|
2014-11-24 16:40:03 +00:00
|
|
|
ignoreCollisions = true;
|
2010-04-15 15:47:07 +00:00
|
|
|
};
|
2007-04-02 17:31:58 +00:00
|
|
|
|
2016-01-17 01:10:29 +00:00
|
|
|
writeConf = name: text: pkgs.writeTextFile {
|
|
|
|
inherit name text;
|
|
|
|
destination = "/etc/cups/${name}";
|
|
|
|
};
|
|
|
|
|
|
|
|
cupsFilesFile = writeConf "cups-files.conf" ''
|
|
|
|
SystemGroup root wheel
|
|
|
|
|
|
|
|
ServerBin ${bindir}/lib/cups
|
|
|
|
DataDir ${bindir}/share/cups
|
2017-03-12 17:09:39 +00:00
|
|
|
DocumentRoot ${cups.out}/share/doc/cups
|
2016-01-17 01:10:29 +00:00
|
|
|
|
|
|
|
AccessLog syslog
|
|
|
|
ErrorLog syslog
|
|
|
|
PageLog syslog
|
|
|
|
|
|
|
|
TempDir ${cfg.tempDir}
|
|
|
|
|
2019-04-05 05:32:26 +00:00
|
|
|
SetEnv PATH /var/lib/cups/path/lib/cups/filter:/var/lib/cups/path/bin
|
|
|
|
|
2016-01-17 01:10:29 +00:00
|
|
|
# User and group used to run external programs, including
|
|
|
|
# those that actually send the job to the printer. Note that
|
|
|
|
# Udev sets the group of printer devices to `lp', so we want
|
|
|
|
# these programs to run as `lp' as well.
|
|
|
|
User cups
|
|
|
|
Group lp
|
|
|
|
|
|
|
|
${cfg.extraFilesConf}
|
|
|
|
'';
|
|
|
|
|
|
|
|
cupsdFile = writeConf "cupsd.conf" ''
|
|
|
|
${concatMapStrings (addr: ''
|
|
|
|
Listen ${addr}
|
|
|
|
'') cfg.listenAddresses}
|
2018-12-19 21:51:36 +00:00
|
|
|
Listen /run/cups/cups.sock
|
2016-01-17 01:10:29 +00:00
|
|
|
|
|
|
|
DefaultShared ${if cfg.defaultShared then "Yes" else "No"}
|
|
|
|
|
|
|
|
Browsing ${if cfg.browsing then "Yes" else "No"}
|
|
|
|
|
|
|
|
WebInterface ${if cfg.webInterface then "Yes" else "No"}
|
|
|
|
|
2018-04-27 16:34:02 +00:00
|
|
|
LogLevel ${cfg.logLevel}
|
|
|
|
|
2016-01-17 01:10:29 +00:00
|
|
|
${cfg.extraConf}
|
|
|
|
'';
|
|
|
|
|
|
|
|
browsedFile = writeConf "cups-browsed.conf" cfg.browsedConf;
|
|
|
|
|
2016-01-17 01:12:11 +00:00
|
|
|
rootdir = pkgs.buildEnv {
|
|
|
|
name = "cups-progs";
|
|
|
|
paths = [
|
|
|
|
cupsFilesFile
|
|
|
|
cupsdFile
|
|
|
|
(writeConf "client.conf" cfg.clientConf)
|
|
|
|
(writeConf "snmp.conf" cfg.snmpConf)
|
|
|
|
] ++ optional avahiEnabled browsedFile
|
|
|
|
++ cfg.drivers;
|
|
|
|
pathsToLink = [ "/etc/cups" ];
|
|
|
|
ignoreCollisions = true;
|
|
|
|
};
|
|
|
|
|
2021-03-14 10:59:00 +00:00
|
|
|
filterGutenprint = filter (pkg: pkg.meta.isGutenprint or false == true);
|
2017-08-20 11:20:45 +00:00
|
|
|
containsGutenprint = pkgs: length (filterGutenprint pkgs) > 0;
|
|
|
|
getGutenprint = pkgs: head (filterGutenprint pkgs);
|
|
|
|
|
2023-11-05 15:01:20 +00:00
|
|
|
parsePorts = addresses: let
|
2023-11-07 09:21:48 +00:00
|
|
|
splitAddress = addr: strings.splitString ":" addr;
|
|
|
|
extractPort = addr: builtins.foldl' (a: b: b) "" (splitAddress addr);
|
2023-11-05 15:01:20 +00:00
|
|
|
in
|
2023-11-07 09:21:48 +00:00
|
|
|
builtins.map (address: strings.toInt (extractPort address)) addresses;
|
2023-11-05 15:01:20 +00:00
|
|
|
|
2009-10-12 16:36:19 +00:00
|
|
|
in
|
2007-04-02 17:31:58 +00:00
|
|
|
|
2009-10-12 16:36:19 +00:00
|
|
|
{
|
2007-04-02 17:31:58 +00:00
|
|
|
|
2019-12-10 01:51:19 +00:00
|
|
|
imports = [
|
|
|
|
(mkChangedOptionModule [ "services" "printing" "gutenprint" ] [ "services" "printing" "drivers" ]
|
|
|
|
(config:
|
|
|
|
let enabled = getAttrFromPath [ "services" "printing" "gutenprint" ] config;
|
|
|
|
in if enabled then [ pkgs.gutenprint ] else [ ]))
|
|
|
|
(mkRemovedOptionModule [ "services" "printing" "cupsFilesConf" ] "")
|
|
|
|
(mkRemovedOptionModule [ "services" "printing" "cupsdConf" ] "")
|
|
|
|
];
|
|
|
|
|
2009-10-12 16:36:19 +00:00
|
|
|
###### interface
|
|
|
|
|
|
|
|
options = {
|
|
|
|
services.printing = {
|
|
|
|
|
|
|
|
enable = mkOption {
|
2013-10-30 16:37:45 +00:00
|
|
|
type = types.bool;
|
2009-10-12 16:36:19 +00:00
|
|
|
default = false;
|
2024-04-13 12:54:15 +00:00
|
|
|
description = ''
|
2009-10-12 16:36:19 +00:00
|
|
|
Whether to enable printing support through the CUPS daemon.
|
|
|
|
'';
|
|
|
|
};
|
|
|
|
|
2023-12-16 19:50:08 +00:00
|
|
|
package = lib.mkPackageOption pkgs "cups" {};
|
|
|
|
|
2022-10-17 21:59:24 +00:00
|
|
|
stateless = mkOption {
|
|
|
|
type = types.bool;
|
|
|
|
default = false;
|
2024-04-13 12:54:15 +00:00
|
|
|
description = ''
|
2022-10-17 21:59:24 +00:00
|
|
|
If set, all state directories relating to CUPS will be removed on
|
|
|
|
startup of the service.
|
|
|
|
'';
|
|
|
|
};
|
|
|
|
|
2018-03-15 11:55:03 +00:00
|
|
|
startWhenNeeded = mkOption {
|
|
|
|
type = types.bool;
|
2019-08-09 17:59:47 +00:00
|
|
|
default = true;
|
2024-04-13 12:54:15 +00:00
|
|
|
description = ''
|
2018-03-15 11:55:03 +00:00
|
|
|
If set, CUPS is socket-activated; that is,
|
|
|
|
instead of having it permanently running as a daemon,
|
|
|
|
systemd will start it on the first incoming connection.
|
|
|
|
'';
|
|
|
|
};
|
|
|
|
|
2014-04-24 22:30:12 +00:00
|
|
|
listenAddresses = mkOption {
|
|
|
|
type = types.listOf types.str;
|
2018-02-23 10:41:15 +00:00
|
|
|
default = [ "localhost:631" ];
|
2014-04-24 22:30:12 +00:00
|
|
|
example = [ "*:631" ];
|
2024-04-13 12:54:15 +00:00
|
|
|
description = ''
|
2014-04-24 22:30:12 +00:00
|
|
|
A list of addresses and ports on which to listen.
|
|
|
|
'';
|
|
|
|
};
|
|
|
|
|
2020-04-25 17:48:34 +00:00
|
|
|
allowFrom = mkOption {
|
|
|
|
type = types.listOf types.str;
|
|
|
|
default = [ "localhost" ];
|
|
|
|
example = [ "all" ];
|
|
|
|
apply = concatMapStringsSep "\n" (x: "Allow ${x}");
|
2024-04-13 12:54:15 +00:00
|
|
|
description = ''
|
2020-04-25 17:48:34 +00:00
|
|
|
From which hosts to allow unconditional access.
|
|
|
|
'';
|
|
|
|
};
|
|
|
|
|
2023-11-05 15:01:20 +00:00
|
|
|
openFirewall = mkOption {
|
|
|
|
type = types.bool;
|
|
|
|
default = false;
|
|
|
|
description = ''
|
|
|
|
Whether to open the firewall for TCP/UDP ports specified in
|
|
|
|
listenAdrresses option.
|
|
|
|
'';
|
|
|
|
};
|
|
|
|
|
2009-10-12 16:36:19 +00:00
|
|
|
bindirCmds = mkOption {
|
2013-10-30 16:37:45 +00:00
|
|
|
type = types.lines;
|
|
|
|
internal = true;
|
2009-10-12 16:36:19 +00:00
|
|
|
default = "";
|
2024-04-13 12:54:15 +00:00
|
|
|
description = ''
|
2009-10-12 16:36:19 +00:00
|
|
|
Additional commands executed while creating the directory
|
|
|
|
containing the CUPS server binaries.
|
|
|
|
'';
|
|
|
|
};
|
2007-04-02 17:31:58 +00:00
|
|
|
|
2015-05-04 20:32:35 +00:00
|
|
|
defaultShared = mkOption {
|
|
|
|
type = types.bool;
|
|
|
|
default = false;
|
2024-04-13 12:54:15 +00:00
|
|
|
description = ''
|
2015-05-04 20:32:35 +00:00
|
|
|
Specifies whether local printers are shared by default.
|
|
|
|
'';
|
|
|
|
};
|
|
|
|
|
2015-05-10 18:47:50 +00:00
|
|
|
browsing = mkOption {
|
2015-05-04 20:32:35 +00:00
|
|
|
type = types.bool;
|
|
|
|
default = false;
|
2024-04-13 12:54:15 +00:00
|
|
|
description = ''
|
2015-05-04 20:32:35 +00:00
|
|
|
Specifies whether shared printers are advertised.
|
|
|
|
'';
|
|
|
|
};
|
|
|
|
|
|
|
|
webInterface = mkOption {
|
|
|
|
type = types.bool;
|
|
|
|
default = true;
|
2024-04-13 12:54:15 +00:00
|
|
|
description = ''
|
2015-05-04 20:32:35 +00:00
|
|
|
Specifies whether the web interface is enabled.
|
|
|
|
'';
|
|
|
|
};
|
|
|
|
|
2018-04-27 16:34:02 +00:00
|
|
|
logLevel = mkOption {
|
|
|
|
type = types.str;
|
|
|
|
default = "info";
|
|
|
|
example = "debug";
|
2024-04-13 12:54:15 +00:00
|
|
|
description = ''
|
2018-04-27 16:34:02 +00:00
|
|
|
Specifies the cupsd logging verbosity.
|
|
|
|
'';
|
|
|
|
};
|
|
|
|
|
2016-01-17 01:10:29 +00:00
|
|
|
extraFilesConf = mkOption {
|
2014-12-16 02:12:02 +00:00
|
|
|
type = types.lines;
|
|
|
|
default = "";
|
2024-04-13 12:54:15 +00:00
|
|
|
description = ''
|
2016-01-17 01:10:29 +00:00
|
|
|
Extra contents of the configuration file of the CUPS daemon
|
2022-07-28 21:19:15 +00:00
|
|
|
({file}`cups-files.conf`).
|
2014-12-16 02:12:02 +00:00
|
|
|
'';
|
|
|
|
};
|
|
|
|
|
2014-11-27 19:00:56 +00:00
|
|
|
extraConf = mkOption {
|
|
|
|
type = types.lines;
|
|
|
|
default = "";
|
|
|
|
example =
|
|
|
|
''
|
|
|
|
BrowsePoll cups.example.com
|
2018-04-27 16:34:02 +00:00
|
|
|
MaxCopies 42
|
2014-11-27 19:00:56 +00:00
|
|
|
'';
|
2024-04-13 12:54:15 +00:00
|
|
|
description = ''
|
2014-11-27 19:00:56 +00:00
|
|
|
Extra contents of the configuration file of the CUPS daemon
|
2022-07-28 21:19:15 +00:00
|
|
|
({file}`cupsd.conf`).
|
2014-11-27 19:00:56 +00:00
|
|
|
'';
|
|
|
|
};
|
|
|
|
|
2014-06-11 19:52:53 +00:00
|
|
|
clientConf = mkOption {
|
|
|
|
type = types.lines;
|
|
|
|
default = "";
|
|
|
|
example =
|
|
|
|
''
|
|
|
|
ServerName server.example.com
|
|
|
|
Encryption Never
|
|
|
|
'';
|
2024-04-13 12:54:15 +00:00
|
|
|
description = ''
|
2014-06-11 19:52:53 +00:00
|
|
|
The contents of the client configuration.
|
2022-07-28 21:19:15 +00:00
|
|
|
({file}`client.conf`)
|
2014-06-11 19:52:53 +00:00
|
|
|
'';
|
|
|
|
};
|
|
|
|
|
2014-12-11 12:27:29 +00:00
|
|
|
browsedConf = mkOption {
|
|
|
|
type = types.lines;
|
|
|
|
default = "";
|
|
|
|
example =
|
|
|
|
''
|
|
|
|
BrowsePoll cups.example.com
|
|
|
|
'';
|
2024-04-13 12:54:15 +00:00
|
|
|
description = ''
|
2014-12-11 12:27:29 +00:00
|
|
|
The contents of the configuration. file of the CUPS Browsed daemon
|
2022-07-28 21:19:15 +00:00
|
|
|
({file}`cups-browsed.conf`)
|
2014-12-11 12:27:29 +00:00
|
|
|
'';
|
|
|
|
};
|
|
|
|
|
2015-08-13 08:12:52 +00:00
|
|
|
snmpConf = mkOption {
|
|
|
|
type = types.lines;
|
|
|
|
default = ''
|
|
|
|
Address @LOCAL
|
|
|
|
'';
|
2024-04-13 12:54:15 +00:00
|
|
|
description = ''
|
2022-07-28 21:19:15 +00:00
|
|
|
The contents of {file}`/etc/cups/snmp.conf`. See "man
|
2015-08-13 08:12:52 +00:00
|
|
|
cups-snmp.conf" for a complete description.
|
|
|
|
'';
|
|
|
|
};
|
|
|
|
|
2010-04-15 15:47:07 +00:00
|
|
|
drivers = mkOption {
|
2013-10-30 16:37:45 +00:00
|
|
|
type = types.listOf types.path;
|
2016-01-17 00:38:52 +00:00
|
|
|
default = [];
|
2021-10-03 16:06:03 +00:00
|
|
|
example = literalExpression "with pkgs; [ gutenprint hplip splix ]";
|
2024-04-13 12:54:15 +00:00
|
|
|
description = ''
|
2017-08-20 11:20:45 +00:00
|
|
|
CUPS drivers to use. Drivers provided by CUPS, cups-filters,
|
|
|
|
Ghostscript and Samba are added unconditionally. If this list contains
|
|
|
|
Gutenprint (i.e. a derivation with
|
2022-07-28 21:19:15 +00:00
|
|
|
`meta.isGutenprint = true`) the PPD files in
|
|
|
|
{file}`/var/lib/cups/ppd` will be updated automatically
|
2017-08-20 11:20:45 +00:00
|
|
|
to avoid errors due to incompatible versions.
|
2010-04-15 15:47:07 +00:00
|
|
|
'';
|
|
|
|
};
|
|
|
|
|
2010-04-25 18:27:00 +00:00
|
|
|
tempDir = mkOption {
|
2013-10-30 16:37:45 +00:00
|
|
|
type = types.path;
|
2010-04-25 18:27:00 +00:00
|
|
|
default = "/tmp";
|
|
|
|
example = "/tmp/cups";
|
2024-04-13 12:54:15 +00:00
|
|
|
description = ''
|
2010-04-25 18:27:00 +00:00
|
|
|
CUPSd temporary directory.
|
|
|
|
'';
|
|
|
|
};
|
2009-10-12 16:36:19 +00:00
|
|
|
};
|
2009-02-22 16:07:05 +00:00
|
|
|
|
2009-10-12 16:36:19 +00:00
|
|
|
};
|
2009-02-22 16:07:05 +00:00
|
|
|
|
2010-04-25 18:27:00 +00:00
|
|
|
|
2009-10-12 16:36:19 +00:00
|
|
|
###### implementation
|
2009-07-15 09:06:36 +00:00
|
|
|
|
2009-10-12 16:36:19 +00:00
|
|
|
config = mkIf config.services.printing.enable {
|
2009-07-15 09:06:36 +00:00
|
|
|
|
2019-09-14 17:51:29 +00:00
|
|
|
users.users.cups =
|
|
|
|
{ uid = config.ids.uids.cups;
|
2010-08-06 14:52:09 +00:00
|
|
|
group = "lp";
|
|
|
|
description = "CUPS printing services";
|
|
|
|
};
|
|
|
|
|
2023-06-15 21:17:29 +00:00
|
|
|
# We need xdg-open (part of xdg-utils) for the desktop-file to proper open the users default-browser when opening "Manage Printing"
|
|
|
|
# https://github.com/NixOS/nixpkgs/pull/237994#issuecomment-1597510969
|
|
|
|
environment.systemPackages = [ cups.out xdg-utils ] ++ optional polkitEnabled cups-pk-helper;
|
2019-08-13 21:52:01 +00:00
|
|
|
environment.etc.cups.source = "/var/lib/cups";
|
2009-07-15 09:06:36 +00:00
|
|
|
|
2016-04-16 17:18:07 +00:00
|
|
|
services.dbus.packages = [ cups.out ] ++ optional polkitEnabled cups-pk-helper;
|
2020-12-02 13:02:19 +00:00
|
|
|
services.udev.packages = cfg.drivers;
|
2009-11-04 22:44:21 +00:00
|
|
|
|
2019-09-06 17:51:38 +00:00
|
|
|
# Allow asswordless printer admin for members of wheel group
|
|
|
|
security.polkit.extraConfig = mkIf polkitEnabled ''
|
|
|
|
polkit.addRule(function(action, subject) {
|
|
|
|
if (action.id == "org.opensuse.cupspkhelper.mechanism.all-edit" &&
|
|
|
|
subject.isInGroup("wheel")){
|
|
|
|
return polkit.Result.YES;
|
|
|
|
}
|
|
|
|
});
|
|
|
|
'';
|
|
|
|
|
2010-08-06 14:52:09 +00:00
|
|
|
# Cups uses libusb to talk to printers, and does not use the
|
2010-06-07 21:09:27 +00:00
|
|
|
# linux kernel driver. If the driver is not in a black list, it
|
|
|
|
# gets loaded, and then cups cannot access the printers.
|
|
|
|
boot.blacklistedKernelModules = [ "usblp" ];
|
|
|
|
|
2019-07-18 21:15:19 +00:00
|
|
|
# Some programs like print-manager rely on this value to get
|
|
|
|
# printer test pages.
|
|
|
|
environment.sessionVariables.CUPS_DATADIR = "${bindir}/share/cups";
|
|
|
|
|
2016-04-16 07:07:48 +00:00
|
|
|
systemd.packages = [ cups.out ];
|
2009-03-06 12:26:46 +00:00
|
|
|
|
2018-03-15 11:55:03 +00:00
|
|
|
systemd.sockets.cups = mkIf cfg.startWhenNeeded {
|
|
|
|
wantedBy = [ "sockets.target" ];
|
2022-12-07 14:31:09 +00:00
|
|
|
listenStreams = [ "" "/run/cups/cups.sock" ]
|
2019-07-18 21:35:13 +00:00
|
|
|
++ map (x: replaceStrings ["localhost"] ["127.0.0.1"] (removePrefix "*:" x)) cfg.listenAddresses;
|
2018-03-15 11:55:03 +00:00
|
|
|
};
|
|
|
|
|
2015-04-28 18:37:34 +00:00
|
|
|
systemd.services.cups =
|
2018-03-15 11:55:03 +00:00
|
|
|
{ wantedBy = optionals (!cfg.startWhenNeeded) [ "multi-user.target" ];
|
2014-04-24 20:46:26 +00:00
|
|
|
wants = [ "network.target" ];
|
|
|
|
after = [ "network.target" ];
|
2009-10-12 16:36:19 +00:00
|
|
|
|
2016-04-16 17:18:07 +00:00
|
|
|
path = [ cups.out ];
|
2010-06-07 21:09:27 +00:00
|
|
|
|
2022-10-17 21:59:24 +00:00
|
|
|
preStart = lib.optionalString cfg.stateless ''
|
|
|
|
rm -rf /var/cache/cups /var/lib/cups /var/spool/cups
|
|
|
|
'' + ''
|
2009-03-06 12:26:46 +00:00
|
|
|
mkdir -m 0700 -p /var/cache/cups
|
|
|
|
mkdir -m 0700 -p /var/spool/cups
|
2010-04-25 18:27:00 +00:00
|
|
|
mkdir -m 0755 -p ${cfg.tempDir}
|
2009-03-06 12:26:46 +00:00
|
|
|
|
2016-01-17 01:12:11 +00:00
|
|
|
mkdir -m 0755 -p /var/lib/cups
|
2019-02-10 11:48:32 +00:00
|
|
|
# While cups will automatically create self-signed certificates if accessed via TLS,
|
|
|
|
# this directory to store the certificates needs to be created manually.
|
|
|
|
mkdir -m 0700 -p /var/lib/cups/ssl
|
|
|
|
|
2016-01-17 01:12:11 +00:00
|
|
|
# Backwards compatibility
|
|
|
|
if [ ! -L /etc/cups ]; then
|
|
|
|
mv /etc/cups/* /var/lib/cups
|
|
|
|
rmdir /etc/cups
|
|
|
|
ln -s /var/lib/cups /etc/cups
|
|
|
|
fi
|
|
|
|
# First, clean existing symlinks
|
|
|
|
if [ -n "$(ls /var/lib/cups)" ]; then
|
|
|
|
for i in /var/lib/cups/*; do
|
|
|
|
[ -L "$i" ] && rm "$i"
|
|
|
|
done
|
|
|
|
fi
|
|
|
|
# Then, populate it with static files
|
|
|
|
cd ${rootdir}/etc/cups
|
|
|
|
for i in *; do
|
|
|
|
[ ! -e "/var/lib/cups/$i" ] && ln -s "${rootdir}/etc/cups/$i" "/var/lib/cups/$i"
|
|
|
|
done
|
2016-12-14 02:23:16 +00:00
|
|
|
|
|
|
|
#update path reference
|
|
|
|
[ -L /var/lib/cups/path ] && \
|
|
|
|
rm /var/lib/cups/path
|
|
|
|
[ ! -e /var/lib/cups/path ] && \
|
|
|
|
ln -s ${bindir} /var/lib/cups/path
|
|
|
|
|
2017-08-20 11:20:45 +00:00
|
|
|
${optionalString (containsGutenprint cfg.drivers) ''
|
2016-03-15 18:43:39 +00:00
|
|
|
if [ -d /var/lib/cups/ppd ]; then
|
2017-08-20 11:20:45 +00:00
|
|
|
${getGutenprint cfg.drivers}/bin/cups-genppdupdate -p /var/lib/cups/ppd
|
2016-03-15 18:43:39 +00:00
|
|
|
fi
|
2016-01-17 01:05:02 +00:00
|
|
|
''}
|
2009-10-12 16:36:19 +00:00
|
|
|
'';
|
2017-05-10 08:52:11 +00:00
|
|
|
|
2022-11-30 15:11:13 +00:00
|
|
|
serviceConfig.PrivateTmp = true;
|
2009-10-12 16:36:19 +00:00
|
|
|
};
|
|
|
|
|
2016-01-17 00:34:39 +00:00
|
|
|
systemd.services.cups-browsed = mkIf avahiEnabled
|
2015-08-04 14:40:02 +00:00
|
|
|
{ description = "CUPS Remote Printer Discovery";
|
2014-12-11 12:27:29 +00:00
|
|
|
|
|
|
|
wantedBy = [ "multi-user.target" ];
|
2019-07-18 21:32:41 +00:00
|
|
|
wants = [ "avahi-daemon.service" ] ++ optional (!cfg.startWhenNeeded) "cups.service";
|
|
|
|
bindsTo = [ "avahi-daemon.service" ] ++ optional (!cfg.startWhenNeeded) "cups.service";
|
|
|
|
partOf = [ "avahi-daemon.service" ] ++ optional (!cfg.startWhenNeeded) "cups.service";
|
|
|
|
after = [ "avahi-daemon.service" ] ++ optional (!cfg.startWhenNeeded) "cups.service";
|
2014-12-11 12:27:29 +00:00
|
|
|
|
|
|
|
path = [ cups ];
|
|
|
|
|
2016-08-25 15:48:35 +00:00
|
|
|
serviceConfig.ExecStart = "${cups-filters}/bin/cups-browsed";
|
2014-12-11 12:27:29 +00:00
|
|
|
|
2016-01-17 01:10:29 +00:00
|
|
|
restartTriggers = [ browsedFile ];
|
2014-12-11 12:27:29 +00:00
|
|
|
};
|
|
|
|
|
2016-01-17 01:10:29 +00:00
|
|
|
services.printing.extraConf =
|
2014-12-16 02:12:02 +00:00
|
|
|
''
|
2010-04-06 11:57:15 +00:00
|
|
|
DefaultAuthType Basic
|
|
|
|
|
|
|
|
<Location />
|
|
|
|
Order allow,deny
|
2020-04-25 17:48:34 +00:00
|
|
|
${cfg.allowFrom}
|
2010-04-06 11:57:15 +00:00
|
|
|
</Location>
|
|
|
|
|
|
|
|
<Location /admin>
|
|
|
|
Order allow,deny
|
2020-04-25 17:48:34 +00:00
|
|
|
${cfg.allowFrom}
|
2010-04-06 11:57:15 +00:00
|
|
|
</Location>
|
|
|
|
|
|
|
|
<Location /admin/conf>
|
|
|
|
AuthType Basic
|
|
|
|
Require user @SYSTEM
|
|
|
|
Order allow,deny
|
2020-04-25 17:48:34 +00:00
|
|
|
${cfg.allowFrom}
|
2010-04-06 11:57:15 +00:00
|
|
|
</Location>
|
|
|
|
|
|
|
|
<Policy default>
|
|
|
|
<Limit Send-Document Send-URI Hold-Job Release-Job Restart-Job Purge-Jobs Set-Job-Attributes Create-Job-Subscription Renew-Subscription Cancel-Subscription Get-Notifications Reprocess-Job Cancel-Current-Job Suspend-Current-Job Resume-Job CUPS-Move-Job>
|
|
|
|
Require user @OWNER @SYSTEM
|
|
|
|
Order deny,allow
|
|
|
|
</Limit>
|
|
|
|
|
|
|
|
<Limit Pause-Printer Resume-Printer Set-Printer-Attributes Enable-Printer Disable-Printer Pause-Printer-After-Current-Job Hold-New-Jobs Release-Held-New-Jobs Deactivate-Printer Activate-Printer Restart-Printer Shutdown-Printer Startup-Printer Promote-Job Schedule-Job-After CUPS-Add-Printer CUPS-Delete-Printer CUPS-Add-Class CUPS-Delete-Class CUPS-Accept-Jobs CUPS-Reject-Jobs CUPS-Set-Default>
|
|
|
|
AuthType Basic
|
|
|
|
Require user @SYSTEM
|
|
|
|
Order deny,allow
|
|
|
|
</Limit>
|
|
|
|
|
|
|
|
<Limit Cancel-Job CUPS-Authenticate-Job>
|
|
|
|
Require user @OWNER @SYSTEM
|
|
|
|
Order deny,allow
|
|
|
|
</Limit>
|
|
|
|
|
|
|
|
<Limit All>
|
|
|
|
Order deny,allow
|
|
|
|
</Limit>
|
|
|
|
</Policy>
|
|
|
|
'';
|
|
|
|
|
2013-10-15 12:47:51 +00:00
|
|
|
security.pam.services.cups = {};
|
|
|
|
|
2023-11-05 15:01:20 +00:00
|
|
|
networking.firewall = let
|
|
|
|
listenPorts = parsePorts cfg.listenAddresses;
|
|
|
|
in mkIf cfg.openFirewall {
|
|
|
|
allowedTCPPorts = listenPorts;
|
|
|
|
allowedUDPPorts = listenPorts;
|
|
|
|
};
|
|
|
|
|
2009-10-12 16:36:19 +00:00
|
|
|
};
|
2019-08-14 15:44:30 +00:00
|
|
|
|
|
|
|
meta.maintainers = with lib.maintainers; [ matthewbauer ];
|
|
|
|
|
2007-04-02 17:31:58 +00:00
|
|
|
}
|