diff options
author | Nikolay Amiantov <ab@fmap.me> | 2016-11-11 03:49:02 +0300 |
---|---|---|
committer | Nikolay Amiantov <ab@fmap.me> | 2016-11-20 19:09:02 +0300 |
commit | 65f93413708a1aa6b43b573f5d8bebe50fc0f58c (patch) | |
tree | c51a4edc68d81d3f76159954ae933388f437e2c5 | |
parent | 4111710b8e27479000f5062b7f76f2f44c1a0582 (diff) | |
download | nixpkgs-65f93413708a1aa6b43b573f5d8bebe50fc0f58c.tar nixpkgs-65f93413708a1aa6b43b573f5d8bebe50fc0f58c.tar.gz nixpkgs-65f93413708a1aa6b43b573f5d8bebe50fc0f58c.tar.bz2 nixpkgs-65f93413708a1aa6b43b573f5d8bebe50fc0f58c.tar.lz nixpkgs-65f93413708a1aa6b43b573f5d8bebe50fc0f58c.tar.xz nixpkgs-65f93413708a1aa6b43b573f5d8bebe50fc0f58c.tar.zst nixpkgs-65f93413708a1aa6b43b573f5d8bebe50fc0f58c.zip |
sane service: add saned support
-rw-r--r-- | nixos/modules/misc/ids.nix | 2 | ||||
-rw-r--r-- | nixos/modules/services/hardware/sane.nix | 95 | ||||
-rw-r--r-- | pkgs/applications/graphics/sane/config.nix | 17 |
3 files changed, 91 insertions, 23 deletions
diff --git a/nixos/modules/misc/ids.nix b/nixos/modules/misc/ids.nix index 80a9a520e24..79f1e209738 100644 --- a/nixos/modules/misc/ids.nix +++ b/nixos/modules/misc/ids.nix @@ -84,7 +84,7 @@ spamd = 56; #networkmanager = 57; # unused nslcd = 58; - #scanner = 59; # unused + scanner = 59; nginx = 60; chrony = 61; #systemd-journal = 62; # unused diff --git a/nixos/modules/services/hardware/sane.nix b/nixos/modules/services/hardware/sane.nix index a3403740312..e69209c560b 100644 --- a/nixos/modules/services/hardware/sane.nix +++ b/nixos/modules/services/hardware/sane.nix @@ -7,9 +7,26 @@ let pkg = if config.hardware.sane.snapshot then pkgs.sane-backends-git else pkgs.sane-backends; - backends = [ pkg ] ++ config.hardware.sane.extraBackends; + + sanedConf = pkgs.writeTextFile { + name = "saned.conf"; + destination = "/etc/sane.d/saned.conf"; + text = '' + localhost + ${config.services.saned.extraConfig} + ''; + }; + + env = { + SANE_CONFIG_DIR = config.hardware.sane.configDir; + LD_LIBRARY_PATH = [ "${saneConfig}/lib/sane" ]; + }; + + backends = [ pkg ] ++ optional config.services.saned.enable sanedConf ++ config.hardware.sane.extraBackends; saneConfig = pkgs.mkSaneConfig { paths = backends; }; + enabled = config.hardware.sane.enable || config.services.saned.enable; + in { @@ -51,27 +68,77 @@ in hardware.sane.configDir = mkOption { type = types.string; + internal = true; description = "The value of SANE_CONFIG_DIR."; }; - }; - + services.saned.enable = mkOption { + type = types.bool; + default = false; + description = '' + Enable saned network daemon for remote connection to scanners. - ###### implementation + saned would be runned from <literal>scanner</literal> user; to allow + access to hardware that doesn't have <literal>scanner</literal> group + you should add needed groups to this user. + ''; + }; - config = mkIf config.hardware.sane.enable { + services.saned.extraConfig = mkOption { + type = types.lines; + default = ""; + example = "192.168.0.0/24"; + description = '' + Extra saned configuration lines. + ''; + }; - hardware.sane.configDir = mkDefault "${saneConfig}/etc/sane.d"; + }; - environment.systemPackages = backends; - environment.sessionVariables = { - SANE_CONFIG_DIR = config.hardware.sane.configDir; - LD_LIBRARY_PATH = [ "${saneConfig}/lib/sane" ]; - }; - services.udev.packages = backends; - users.extraGroups."scanner".gid = config.ids.gids.scanner; + ###### implementation - }; + config = mkMerge [ + (mkIf enabled { + hardware.sane.configDir = mkDefault "${saneConfig}/etc/sane.d"; + + environment.systemPackages = backends; + environment.sessionVariables = env; + services.udev.packages = backends; + + users.extraGroups."scanner".gid = config.ids.gids.scanner; + }) + + (mkIf config.services.saned.enable { + networking.firewall.connectionTrackingModules = [ "sane" ]; + + systemd.services."saned@" = { + description = "Scanner Service"; + environment = mapAttrs (name: val: toString val) env; + serviceConfig = { + User = "scanner"; + Group = "scanner"; + ExecStart = "${pkg}/bin/saned"; + }; + }; + + systemd.sockets.saned = { + description = "saned incoming socket"; + wantedBy = [ "sockets.target" ]; + listenStreams = [ "0.0.0.0:6566" "[::]:6566" ]; + socketConfig = { + # saned needs to distinguish between IPv4 and IPv6 to open matching data sockets. + BindIPv6Only = "ipv6-only"; + Accept = true; + MaxConnections = 1; + }; + }; + + users.extraUsers."scanner" = { + uid = config.ids.uids.scanner; + group = "scanner"; + }; + }) + ]; } diff --git a/pkgs/applications/graphics/sane/config.nix b/pkgs/applications/graphics/sane/config.nix index 4b8c7a4fe92..fb4e56eb6ce 100644 --- a/pkgs/applications/graphics/sane/config.nix +++ b/pkgs/applications/graphics/sane/config.nix @@ -4,25 +4,26 @@ with stdenv.lib; let installSanePath = path: '' - if test -e "${path}/lib/sane"; then + if [ -e "${path}/lib/sane" ]; then find "${path}/lib/sane" -maxdepth 1 -not -type d | while read backend; do - ln -s $backend $out/lib/sane/$(basename $backend) + ln -s "$backend" "$out/lib/sane/$(basename "$backend")" done fi - if test -e "${path}/etc/sane.d"; then + if [ -e "${path}/etc/sane.d" ]; then find "${path}/etc/sane.d" -maxdepth 1 -not -type d | while read conf; do - if test $(basename $conf) = "dll.conf"; then - cat $conf >> $out/etc/sane.d/dll.conf + name="$(basename $conf)" + if [ "$name" = "dll.conf" ] || [ "$name" = "saned.conf" ]; then + cat "$conf" >> "$out/etc/sane.d/$name" else - ln -s $conf $out/etc/sane.d/$(basename $conf) + ln -s "$conf" "$out/etc/sane.d/$name" fi done fi - if test -e "${path}/etc/sane.d/dll.d"; then + if [ -e "${path}/etc/sane.d/dll.d" ]; then find "${path}/etc/sane.d/dll.d" -maxdepth 1 -not -type d | while read conf; do - ln -s $conf $out/etc/sane.d/dll.d/$(basename $conf) + ln -s "$conf" "$out/etc/sane.d/dll.d/$(basename $conf)" done fi ''; |