From c3cff074f8dc3aaa4739ae0f60d0b3c907aba164 Mon Sep 17 00:00:00 2001
From: Bjørn Forsman <bjorn.forsman@gmail.com>
Date: Fri, 4 Nov 2022 14:05:43 +0100
Subject: nixos/sane: add openFirewall option

Open ports needed for discovery of scanners on the local network, e.g.
needed for Canon scanners (BJNP protocol).

Ref. https://github.com/NixOS/nixpkgs/issues/28406.
---
 nixos/modules/services/hardware/sane.nix | 10 ++++++++++
 1 file changed, 10 insertions(+)

diff --git a/nixos/modules/services/hardware/sane.nix b/nixos/modules/services/hardware/sane.nix
index 5455cf56e8a..ab36e204e1a 100644
--- a/nixos/modules/services/hardware/sane.nix
+++ b/nixos/modules/services/hardware/sane.nix
@@ -124,6 +124,15 @@ in
       '';
     };
 
+    hardware.sane.openFirewall = mkOption {
+      type = types.bool;
+      default = false;
+      description = lib.mdDoc ''
+        Open ports needed for discovery of scanners on the local network, e.g.
+        needed for Canon scanners (BJNP protocol).
+      '';
+    };
+
     services.saned.enable = mkOption {
       type = types.bool;
       default = false;
@@ -159,6 +168,7 @@ in
       services.udev.packages = backends;
 
       users.groups.scanner.gid = config.ids.gids.scanner;
+      networking.firewall.allowedUDPPorts = mkIf config.hardware.sane.openFirewall [ 8612 ];
     })
 
     (mkIf config.services.saned.enable {
-- 
cgit 1.4.1