nixos/printing: make access to web-interface configurable

Otherwise you'd always get a 403 when hosting the web-interface of cups at a different location than `localhost`.
2020-04-25 19:48:34 +02:00 · 2020-04-25 19:48:34 +02:00 · 4062592f3a
commit 4062592f3a
parent 083ea0abbe
1 changed files with 13 additions and 3 deletions
--- a/nixos/modules/services/printing/cupsd.nix
+++ b/nixos/modules/services/printing/cupsd.nix
@ -153,6 +153,16 @@ in
        '';
      };

+      allowFrom = mkOption {
+        type = types.listOf types.str;
+        default = [ "localhost" ];
+        example = [ "all" ];
+        apply = concatMapStringsSep "\n" (x: "Allow ${x}");
+        description = ''
+          From which hosts to allow unconditional access.
+        '';
+      };
+
      bindirCmds = mkOption {
        type = types.lines;
        internal = true;
@ -403,19 +413,19 @@ in

        <Location />
          Order allow,deny
-          Allow localhost
+          ${cfg.allowFrom}
        </Location>

        <Location /admin>
          Order allow,deny
-          Allow localhost
+          ${cfg.allowFrom}
        </Location>

        <Location /admin/conf>
          AuthType Basic
          Require user @SYSTEM
          Order allow,deny
-          Allow localhost
+          ${cfg.allowFrom}
        </Location>

        <Policy default>