pyrox.dev
nixos/sane: ensure saned can access usb scanners (#367198)
authored by Guillaume Girol and committed by GitHub ba00c296 3f4d0743
+6
nixos/modules/services/hardware/sane.nix
+6
nixos/modules/services/hardware/sane.nix
···
184
environment.etc."sane-config".source = config.hardware.sane.configDir;
185
environment.etc."sane-libs".source = "${saneConfig}/lib/sane";
186
services.udev.packages = backends;
187
188
users.groups.scanner.gid = config.ids.gids.scanner;
189
networking.firewall.allowedUDPPorts = lib.mkIf config.hardware.sane.openFirewall [ 8612 ];
···
184
environment.etc."sane-config".source = config.hardware.sane.configDir;
185
environment.etc."sane-libs".source = "${saneConfig}/lib/sane";
186
services.udev.packages = backends;
187
+
# sane sets up udev rules that tag scanners with `uaccess`. This way, physically logged in users
188
+
# can access them without belonging to the `scanner` group. However, the `scanner` user used by saned
189
+
# does not have a real logind seat, so `uaccess` is not enough.
190
+
services.udev.extraRules = ''
191
+
ENV{DEVNAME}!="", ENV{libsane_matched}=="yes", RUN+="${pkgs.acl}/bin/setfacl -m g:scanner:rw $env{DEVNAME}"
192
+
'';
193
194
users.groups.scanner.gid = config.ids.gids.scanner;
195
networking.firewall.allowedUDPPorts = lib.mkIf config.hardware.sane.openFirewall [ 8612 ];