roles/printserver: override admin and listen settings

2025-08-07 21:21:39 -07:00
parent 4be05c57c5
commit a097825728
1 changed files with 40 additions and 0 deletions
--- a/roles/printserver.nix
+++ b/roles/printserver.nix
@@ -60,6 +60,46 @@ in
      openFirewall = true;
      webInterface = true;
      drivers = [ pkgs.gutenprint ];
+
+      extraConf = ''
+        LogLevel warn
+        Listen 0.0.0.0:631
+        Browsing On
+        BrowseLocalProtocols dnssd
+        SharePrinters yes
+        HostNameLookups on
+        ServerAlias *
+
+        DefaultAuthType Basic
+
+        # Allow general access to the CUPS web interface
+        <Location />
+          Order allow,deny
+          Allow 127.0.0.1
+          Allow 192.168.1.*
+          Allow 100.64.5.0/24
+        </Location>
+
+        # Admin access (requires login)
+        <Location /admin>
+          AuthType Default
+          Require valid-user
+          Order allow,deny
+          Allow 127.0.0.1
+          Allow 192.168.1.*
+          Allow 100.64.5.0/24
+        </Location>
+
+        # Access to admin config files (also requires login)
+        <Location /admin/conf>
+          AuthType Default
+          Require valid-user
+          Order allow,deny
+          Allow 127.0.0.1
+          Allow 192.168.1.*
+          Allow 100.64.5.0/24
+        </Location>
+      '';
    };

    services.traefik = {