{ config, lib, pkgs, ... }:
let
pkg = config.hardware.sane.backends-package.override {
scanSnapDriversUnfree = config.hardware.sane.drivers.scanSnap.enable;
scanSnapDriversPackage = config.hardware.sane.drivers.scanSnap.package;
};
sanedConf = pkgs.writeTextFile {
name = "saned.conf";
destination = "/etc/sane.d/saned.conf";
text = ''
localhost
${config.services.saned.extraConfig}
'';
};
netConf = pkgs.writeTextFile {
name = "net.conf";
destination = "/etc/sane.d/net.conf";
text = ''
${lib.optionalString config.services.saned.enable "localhost"}
${config.hardware.sane.netConf}
'';
};
env = {
SANE_CONFIG_DIR = "/etc/sane-config";
LD_LIBRARY_PATH = [ "/etc/sane-libs" ];
};
backends = [ pkg netConf ] ++ lib.optional config.services.saned.enable sanedConf ++ config.hardware.sane.extraBackends;
saneConfig = pkgs.mkSaneConfig { paths = backends; inherit (config.hardware.sane) disabledDefaultBackends; };
enabled = config.hardware.sane.enable || config.services.saned.enable;
in
{
###### interface
options = {
hardware.sane.enable = lib.mkOption {
type = lib.types.bool;
default = false;
description = ''
Enable support for SANE scanners.
::: {.note}
Users in the "scanner" group will gain access to the scanner, or the "lp" group if it's also a printer.
:::
'';
};
hardware.sane.backends-package = lib.mkOption {
type = lib.types.package;
default = pkgs.sane-backends;
defaultText = lib.literalExpression "pkgs.sane-backends";
description = "Backends driver package to use.";
};
hardware.sane.snapshot = lib.mkOption {
type = lib.types.bool;
default = false;
description = "Use a development snapshot of SANE scanner drivers.";
};
hardware.sane.extraBackends = lib.mkOption {
type = lib.types.listOf lib.types.path;
default = [];
description = ''
Packages providing extra SANE backends to enable.
::: {.note}
The example contains the package for HP scanners, and the package for
Apple AirScan and Microsoft WSD support (supports many
vendors/devices).
:::
'';
example = lib.literalExpression "[ pkgs.hplipWithPlugin pkgs.sane-airscan ]";
};
hardware.sane.disabledDefaultBackends = lib.mkOption {
type = lib.types.listOf lib.types.str;
default = [];
example = [ "v4l" ];
description = ''
Names of backends which are enabled by default but should be disabled.
See `$SANE_CONFIG_DIR/dll.conf` for the list of possible names.
'';
};
hardware.sane.configDir = lib.mkOption {
type = lib.types.str;
internal = true;
description = "The value of SANE_CONFIG_DIR.";
};
hardware.sane.netConf = lib.mkOption {
type = lib.types.lines;
default = "";
example = "192.168.0.16";
description = ''
Network hosts that should be probed for remote scanners.
'';
};
hardware.sane.drivers.scanSnap.enable = lib.mkOption {
type = lib.types.bool;
default = false;
example = true;
description = ''
Whether to enable drivers for the Fujitsu ScanSnap scanners.
The driver files are unfree and extracted from the Windows driver image.
'';
};
hardware.sane.drivers.scanSnap.package = lib.mkPackageOption pkgs [ "sane-drivers" "epjitsu" ] {
extraDescription = ''
Useful if you want to extract the driver files yourself.
The process is described in the {file}`/etc/sane.d/epjitsu.conf` file in
the `sane-backends` package.
'';
};
hardware.sane.openFirewall = lib.mkOption {
type = lib.types.bool;
default = false;
description = ''
Open ports needed for discovery of scanners on the local network, e.g.
needed for Canon scanners (BJNP protocol).
'';
};
services.saned.enable = lib.mkOption {
type = lib.types.bool;
default = false;
description = ''
Enable saned network daemon for remote connection to scanners.
saned would be run from `scanner` user; to allow
access to hardware that doesn't have `scanner` group
you should add needed groups to this user.
'';
};
services.saned.extraConfig = lib.mkOption {
type = lib.types.lines;
default = "";
example = "192.168.0.0/24";
description = ''
Extra saned configuration lines.
'';
};
};
###### implementation
config = lib.mkMerge [
(lib.mkIf enabled {
hardware.sane.configDir = lib.mkDefault "${saneConfig}/etc/sane.d";
environment.systemPackages = backends;
environment.sessionVariables = env;
environment.etc."sane-config".source = config.hardware.sane.configDir;
environment.etc."sane-libs".source = "${saneConfig}/lib/sane";
services.udev.packages = backends;
users.groups.scanner.gid = config.ids.gids.scanner;
networking.firewall.allowedUDPPorts = lib.mkIf config.hardware.sane.openFirewall [ 8612 ];
systemd.tmpfiles.rules = [
"d /var/lock/sane 0770 root scanner - -"
];
})
(lib.mkIf config.services.saned.enable {
networking.firewall.connectionTrackingModules = [ "sane" ];
systemd.services."saned@" = {
description = "Scanner Service";
environment = lib.mapAttrs (name: val: toString val) env;
serviceConfig = {
User = "scanner";
Group = "scanner";
ExecStart = "${pkg}/bin/saned";
};
};
systemd.sockets.saned = {
description = "saned incoming socket";
wantedBy = [ "sockets.target" ];
listenStreams = [ "0.0.0.0:6566" "[::]:6566" ];
socketConfig = {
# saned needs to distinguish between IPv4 and IPv6 to open matching data sockets.
BindIPv6Only = "ipv6-only";
Accept = true;
MaxConnections = 64;
};
};
users.users.scanner = {
uid = config.ids.uids.scanner;
group = "scanner";
extraGroups = [ "lp" ] ++ lib.optionals config.services.avahi.enable [ "avahi" ];
};
})
];
}