Scanning over network support
authorSilvio Rhatto <rhatto@riseup.net>
Wed, 31 Dec 2014 16:45:02 +0000 (14:45 -0200)
committerSilvio Rhatto <rhatto@riseup.net>
Wed, 31 Dec 2014 16:45:02 +0000 (14:45 -0200)
files/etc/default/saned [new file with mode: 0644]
files/etc/sane.d/saned.conf [new file with mode: 0644]
manifests/subsystem/scanner.pp [new file with mode: 0644]
manifests/subsystem/scanner/client.pp [new file with mode: 0644]
templates/sane.d/saned.erb [new file with mode: 0644]

diff --git a/files/etc/default/saned b/files/etc/default/saned
new file mode 100644 (file)
index 0000000..444096e
--- /dev/null
@@ -0,0 +1,7 @@
+# Defaults for the saned initscript, from sane-utils
+
+# Set to yes to start saned
+RUN=yes
+
+# Set to the user saned should run as
+RUN_AS_USER=saned
diff --git a/files/etc/sane.d/saned.conf b/files/etc/sane.d/saned.conf
new file mode 100644 (file)
index 0000000..f61de7a
--- /dev/null
@@ -0,0 +1,33 @@
+# saned.conf
+# Configuration for the saned daemon
+
+## Daemon options
+# Port range for the data connection. Choose a range inside [1024 - 65535].
+# Avoid specifying too large a range, for performance reasons.
+#
+# ONLY use this if your saned server is sitting behind a firewall. If your
+# firewall is a Linux machine, we strongly recommend using the
+# Netfilter nf_conntrack_sane connection tracking module instead.
+#
+# data_portrange = 10000 - 10100
+data_portrange = 10000 - 10100
+
+
+## Access list
+# A list of host names, IP addresses or IP subnets (CIDR notation) that
+# are permitted to use local SANE devices. IPv6 addresses must be enclosed
+# in brackets, and should always be specified in their compressed form.
+#
+# The hostname matching is not case-sensitive.
+
+#scan-client.somedomain.firm
+#192.168.0.1
+#192.168.0.1/29
+#[2001:7a8:185e::42:12]
+#[2001:7a8:185e::42:12]/64
+192.168.1.0/24
+
+# NOTE: /etc/inetd.conf (or /etc/xinetd.conf) and
+# /etc/services must also be properly configured to start
+# the saned daemon as documented in saned(8), services(4)
+# and inetd.conf(4) (or xinetd.conf(5)).
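Review bot: The access-list entry `192.168.1.0/24` is hard-coded in a static file that goes to every node including the class, so a scanner host on any other network either rejects its real clients or admits a range nobody chose for it. This list is the access control saned itself applies, so it is better rendered from a template driven by a class parameter, for example `<%= @allowed_networks.join("\n") %>` (constructed name), than shipped via `source =>`. Enabling `data_portrange = 10000 - 10100` is also what forces the extra firewall rule in scanner.pp. The comment directly above it recommends the nf_conntrack_sane helper on a Linux firewall, which would probably avoid opening that range.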
diff --git a/manifests/subsystem/scanner.pp b/manifests/subsystem/scanner.pp
new file mode 100644 (file)
index 0000000..26622e9
--- /dev/null
@@ -0,0 +1,66 @@
+class nodo::subsystem::scanner {
+  package { 'sane':
+    ensure  => present,
+  }
+
+  group { [ 'lp', 'saned', 'scanner' ]:
+    ensure    => present,
+    allowdupe => false,
+  }
+
+  user { 'saned':
+    ensure    => present,
+    comment   => 'saned',
+    gid       => 'saned',
+    home      => '/home/saned',
+    shell     => '/bin/false',
+    allowdupe => false,
+    require   => Group['lp', 'saned', 'scanner'],
+  }
+
+  file { '/etc/default/saned' :
+    ensure  => present,
+    owner   => 'root',
+    group   => 'root',
+    mode    => '0644',
+    source  => 'puppet:///modules/nodo/etc/default/saned',
+    require => Package['saned'],
+  }
+
+  file { '/etc/sane.d/saned.conf' :
+    ensure  => present,
+    owner   => 'root',
+    group   => 'root',
+    mode    => '0644',
+    source  => 'puppet:///modules/nodo/etc/sane.d/saned.conf',
+    require => Package['sane'],
+  }
+
+  service { 'saned' :
+    ensure    => running,
+    enable    => true,
+    require   => Package['saned'],
+    subscribe => [ File['/etc/default/saned/', '/etc/sane.d/saned.conf'], User['saned'] ],
+  }
+
+  # Firewall
+  shorewall::rule { "saned":
+    action          => 'ACCEPT',
+    source          => 'net',
+    destination     => '$FW',
+    proto           => 'tcp',
+    destinationport => "6566",
+    ratelimit       => '-',
+    order           => 200,
+  }
+
+  shorewall::rule { "saned-range":
+    action          => 'ACCEPT',
+    source          => 'net',
+    destination     => '$FW',
+    proto           => 'tcp',
+    destinationport => "10000:10100",
+    ratelimit       => '-',
+    order           => 200,
+  }
+}
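Review bot: Both `shorewall::rule` resources accept from the whole `net` zone, which is wider than the `192.168.1.0/24` that saned.conf permits. If `net` is the untrusted zone, as is conventional in shorewall, saned's own ACL is then the only barrier on port 6566 and on 10000:10100; `source => 'net:192.168.1.0/24'` on both rules keeps the two layers in agreement. Separately, `require => Package['saned']` on the `/etc/default/saned` file and on the service refers to a package this class never declares (only `package { 'sane': }` is), so the catalog will not compile unless it is declared elsewhere. The `subscribe` reference `File['/etc/default/saned/', ...]` has a trailing slash the declared title lacks and is worth matching exactly. The `lp` and `scanner` groups are created but the `saned` user is never added to them; if that was the intent, add `groups => ['lp', 'scanner']`.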
diff --git a/manifests/subsystem/scanner/client.pp b/manifests/subsystem/scanner/client.pp
new file mode 100644 (file)
index 0000000..873f8b9
--- /dev/null
@@ -0,0 +1,14 @@
+class nodo::subsystem::scanner::client($server = hiera('nodo::subsystem::scanner::client::hostname', 'localhost')) {
+  package { 'sane':
+    ensure  => present,
+  }
+
+  file { '/etc/sane.d/net.conf':
+    ensure  => present,
+    owner   => 'root',
+    group   => 'root',
+    mode    => '0644',
+    content => template('nodo/sane.d/net.conf.erb'),
+    require => Package['sane'],
+  }
+}
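Review bot: `template('nodo/sane.d/net.conf.erb')` names a template this commit does not add; the only one added is `templates/sane.d/saned.erb`, whose content is the net backend configuration. Unless `net.conf.erb` already exists in the module, this class fails at compile time, so either rename the added file or change the call to `template('nodo/sane.d/saned.erb')`. The parameter is `$server` while the hiera key ends in `::hostname`; using one name for both makes the lookup easier to follow. Because the value is written verbatim as a host line in net.conf, it should be checked as a single hostname or address before rendering.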
diff --git a/templates/sane.d/saned.erb b/templates/sane.d/saned.erb
new file mode 100644 (file)
index 0000000..6d9f10c
--- /dev/null
@@ -0,0 +1,15 @@
+# This is the net backend config file.
+
+## net backend options
+# Timeout for the initial connection to saned. This will prevent the backend
+# from blocking for several minutes trying to connect to an unresponsive
+# saned host (network outage, host down, ...). Value in seconds.
+# connect_timeout = 60
+
+## saned hosts
+# Each line names a host to attach to.
+# If you list "localhost" then your backends can be accessed either
+# directly or through the net backend.  Going through the net backend
+# may be necessary to access devices that need special privileges.
+# localhost
+<%= server %>
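Review bot: `<%= server %>` reads the class parameter as a bare local, a form Puppet deprecated in favour of instance variables and that later releases no longer resolve; write `<%= @server %>`. A first-line comment such as `# Managed by Puppet, local changes will be overwritten` would also tell an administrator editing net.conf on the client where the host entry comes from.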