Browse Source

enable network printing on pulsebert

container/radius
Daniel Poelzleithner 1 year ago
parent
commit
37823b1fb6
1 changed files with 53 additions and 2 deletions
  1. 53
    2
      hosts/pulsebert/configuration.nix

+ 53
- 2
hosts/pulsebert/configuration.nix View File

@@ -46,6 +46,7 @@ in {
46 46
     tmux
47 47
     vim
48 48
     git
49
+    openssl
49 50
     # NCurses Music Player Client (Plus Plus)
50 51
     # a commandline front-end client for mpd
51 52
     # 2019-01-21 mag vater gern gleich einen schoenen lokalen Verwaltung fuer MPD haben.
@@ -75,12 +76,62 @@ in {
75 76
     80 443 # Web/ympd
76 77
     6600 # mpd
77 78
   ];
78
-  # networking.firewall.allowedUDPPorts = [ ... ];
79
+  networking.firewall.allowedUDPPorts = [
80
+    631
81
+  ];
82
+  networking.firewall.extraCommands = ''
83
+        iptables -I INPUT -p udp --dport mdns -d 224.0.0.251 -j ACCEPT   # zeroconf
84
+        iptables -I OUTPUT -p udp --dport mdns -d 224.0.0.251 -j ACCEPT  # zeroconf
85
+  '';  # networking.firewall.allowedUDPPorts = [ ... ];
79 86
   # Or disable the firewall altogether.
80 87
   # networking.firewall.enable = false;
81 88
 
82 89
   # Enable CUPS to print documents.
83
-  services.printing.enable = true;
90
+  services.printing = {
91
+    enable = true;
92
+    browsing = true;
93
+    listenAddresses = [ "*:631" ];
94
+    defaultShared = true;
95
+    # logLevel = "debug";
96
+    drivers = [ pkgs.gutenprint pkgs.hplip pkgs.splix ];
97
+    extraConf =
98
+      ''
99
+        DefaultAuthType Basic
100
+        <Location />
101
+          Order allow,deny
102
+          Allow ALL
103
+        </Location>
104
+        <Location /admin>
105
+          Order allow,deny
106
+          Allow ALL
107
+        </Location>
108
+        <Location /admin/conf>
109
+          AuthType Basic
110
+          Require user @SYSTEM
111
+          Order allow,deny
112
+          Allow ALL
113
+        </Location>
114
+        <Policy default>
115
+          <Limit Send-Document Send-URI Hold-Job Release-Job Restart-Job Purge-Jobs Set-Job-Attributes Create-Job-Subscription Renew-Subscription Cancel-Subscription Get-Notifications Reprocess-Job Cancel-Current-Job Suspend-Current-Job Resume-Job CUPS-Move-Job>
116
+            Require user @OWNER @SYSTEM
117
+            Order deny,allow
118
+          </Limit>
119
+          <Limit Pause-Printer Resume-Printer Set-Printer-Attributes Enable-Printer Disable-Printer Pause-Printer-After-Current-Job Hold-New-Jobs Release-Held-New-Jobs Deactivate-Printer Activate-Printer Restart-Printer Shutdown-Printer Startup-Printer Promote-Job Schedule-Job-After CUPS-Add-Printer CUPS-Delete-Printer CUPS-Add-Class CUPS-Delete-Class CUPS-Accept-Jobs CUPS-Reject-Jobs CUPS-Set-Default>
120
+            AuthType Basic
121
+            Require user @SYSTEM
122
+            Order deny,allow
123
+          </Limit>
124
+          <Limit Cancel-Job CUPS-Authenticate-Job>
125
+            Require user @OWNER @SYSTEM
126
+            Order deny,allow
127
+          </Limit>
128
+          <Limit All>
129
+            Order deny,allow
130
+          </Limit>
131
+        </Policy>
132
+      '';
133
+
134
+  };
84 135
 
85 136
   # Enable sound.
86 137
   sound.enable = true;

Loading…
Cancel
Save