Next: Desktop Services, Previous: X Window, Up: Services [Contents][Index]
The (gnu services cups)
module provides a Guix service definition
for the CUPS printing service. To add printer support to a Guix
system, add a cups-service
to the operating system definition:
The service type for the CUPS print server. Its value should be a valid CUPS configuration (see below). To use the default settings, simply write:
(service cups-service-type)
The CUPS configuration controls the basic things about your CUPS installation: what interfaces it listens on, what to do if a print job fails, how much logging to do, and so on. To actually add a printer, you have to visit the http://localhost:631 URL, or use a tool such as GNOME’s printer configuration services. By default, configuring a CUPS service will generate a self-signed certificate if needed, for secure connections to the print server.
Suppose you want to enable the Web interface of CUPS and also add
support for Epson printers via the epson-inkjet-printer-escpr
package and for HP printers via the hplip-minimal
package.
You can do that directly, like this (you need to use the
(gnu packages cups)
module):
(service cups-service-type (cups-configuration (web-interface? #t) (extensions (list cups-filters epson-inkjet-printer-escpr hplip-minimal))))
Note: If you wish to use the Qt5 based GUI which comes with the hplip
package then it is suggested that you install the hplip
package,
either in your OS configuration file or as your user.
The available configuration parameters follow. Each parameter
definition is preceded by its type; for example, ‘string-list foo’
indicates that the foo
parameter should be specified as a list of
strings. There is also a way to specify the configuration as a string,
if you have an old cupsd.conf
file that you want to port over
from some other system; see the end for more details.
Available cups-configuration
fields are:
cups-configuration
parameter: package cupsThe CUPS package.
cups-configuration
parameter: package-list extensions (default: (list brlaser cups-filters epson-inkjet-printer-escpr foomatic-filters hplip-minimal splix)
)Drivers and other extensions to the CUPS package.
cups-configuration
parameter: files-configuration files-configurationConfiguration of where to write logs, what directories to use for print spools, and related privileged configuration parameters.
Available files-configuration
fields are:
files-configuration
parameter: log-location access-logDefines the access log filename. Specifying a blank filename disables
access log generation. The value stderr
causes log entries to be
sent to the standard error file when the scheduler is running in the
foreground, or to the system log daemon when run in the background. The
value syslog
causes log entries to be sent to the system log
daemon. The server name may be included in filenames using the string
%s
, as in /var/log/cups/%s-access_log
.
Defaults to ‘"/var/log/cups/access_log"’.
files-configuration
parameter: file-name cache-dirWhere CUPS should cache data.
Defaults to ‘"/var/cache/cups"’.
files-configuration
parameter: string config-file-permSpecifies the permissions for all configuration files that the scheduler writes.
Note that the permissions for the printers.conf file are currently masked to only allow access from the scheduler user (typically root). This is done because printer device URIs sometimes contain sensitive authentication information that should not be generally known on the system. There is no way to disable this security feature.
Defaults to ‘"0640"’.
files-configuration
parameter: log-location error-logDefines the error log filename. Specifying a blank filename disables
error log generation. The value stderr
causes log entries to be
sent to the standard error file when the scheduler is running in the
foreground, or to the system log daemon when run in the background. The
value syslog
causes log entries to be sent to the system log
daemon. The server name may be included in filenames using the string
%s
, as in /var/log/cups/%s-error_log
.
Defaults to ‘"/var/log/cups/error_log"’.
files-configuration
parameter: string fatal-errorsSpecifies which errors are fatal, causing the scheduler to exit. The kind strings are:
none
No errors are fatal.
all
All of the errors below are fatal.
browse
Browsing initialization errors are fatal, for example failed connections to the DNS-SD daemon.
config
Configuration file syntax errors are fatal.
listen
Listen or Port errors are fatal, except for IPv6 failures on the
loopback or any
addresses.
log
Log file creation or write errors are fatal.
permissions
Bad startup file permissions are fatal, for example shared TLS certificate and key files with world-read permissions.
Defaults to ‘"all -browse"’.
files-configuration
parameter: boolean file-device?Specifies whether the file pseudo-device can be used for new printer queues. The URI file:///dev/null is always allowed.
Defaults to ‘#f’.
files-configuration
parameter: string groupSpecifies the group name or ID that will be used when executing external programs.
Defaults to ‘"lp"’.
files-configuration
parameter: string log-file-groupSpecifies the group name or ID that will be used for log files.
Defaults to ‘"lpadmin"’.
files-configuration
parameter: string log-file-permSpecifies the permissions for all log files that the scheduler writes.
Defaults to ‘"0644"’.
files-configuration
parameter: log-location page-logDefines the page log filename. Specifying a blank filename disables
page log generation. The value stderr
causes log entries to be
sent to the standard error file when the scheduler is running in the
foreground, or to the system log daemon when run in the background. The
value syslog
causes log entries to be sent to the system log
daemon. The server name may be included in filenames using the string
%s
, as in /var/log/cups/%s-page_log
.
Defaults to ‘"/var/log/cups/page_log"’.
files-configuration
parameter: string remote-rootSpecifies the username that is associated with unauthenticated accesses
by clients claiming to be the root user. The default is remroot
.
Defaults to ‘"remroot"’.
files-configuration
parameter: file-name request-rootSpecifies the directory that contains print jobs and other HTTP request data.
Defaults to ‘"/var/spool/cups"’.
files-configuration
parameter: sandboxing sandboxingSpecifies the level of security sandboxing that is applied to print
filters, backends, and other child processes of the scheduler; either
relaxed
or strict
. This directive is currently only
used/supported on macOS.
Defaults to ‘strict’.
files-configuration
parameter: file-name server-keychainSpecifies the location of TLS certificates and private keys. CUPS will look for public and private keys in this directory: .crt files for PEM-encoded certificates and corresponding .key files for PEM-encoded private keys.
Defaults to ‘"/etc/cups/ssl"’.
files-configuration
parameter: file-name server-rootSpecifies the directory containing the server configuration files.
Defaults to ‘"/etc/cups"’.
files-configuration
parameter: boolean sync-on-close?Specifies whether the scheduler calls fsync(2) after writing configuration or state files.
Defaults to ‘#f’.
files-configuration
parameter: space-separated-string-list system-groupSpecifies the group(s) to use for @SYSTEM
group authentication.
files-configuration
parameter: file-name temp-dirSpecifies the directory where temporary files are stored.
Defaults to ‘"/var/spool/cups/tmp"’.
files-configuration
parameter: string userSpecifies the user name or ID that is used when running external programs.
Defaults to ‘"lp"’.
files-configuration
parameter: string set-envSet the specified environment variable to be passed to child processes.
Defaults to ‘"variable value"’.
cups-configuration
parameter: access-log-level access-log-levelSpecifies the logging level for the AccessLog file. The config
level logs when printers and classes are added, deleted, or modified and
when configuration files are accessed or updated. The actions
level logs when print jobs are submitted, held, released, modified, or
canceled, and any of the conditions for config
. The all
level logs all requests.
Defaults to ‘actions’.
cups-configuration
parameter: boolean auto-purge-jobs?Specifies whether to purge job history data automatically when it is no longer required for quotas.
Defaults to ‘#f’.
cups-configuration
parameter: comma-separated-string-list browse-dns-sd-sub-typesSpecifies a list of DNS-SD sub-types to advertise for each shared printer. For example, ‘"_cups" "_print"’ will tell network clients that both CUPS sharing and IPP Everywhere are supported.
Defaults to ‘"_cups"’.
cups-configuration
parameter: browse-local-protocols browse-local-protocolsSpecifies which protocols to use for local printer sharing.
Defaults to ‘dnssd’.
cups-configuration
parameter: boolean browse-web-if?Specifies whether the CUPS web interface is advertised.
Defaults to ‘#f’.
cups-configuration
parameter: boolean browsing?Specifies whether shared printers are advertised.
Defaults to ‘#f’.
cups-configuration
parameter: string classificationSpecifies the security classification of the server. Any valid banner name can be used, including ‘"classified"’, ‘"confidential"’, ‘"secret"’, ‘"topsecret"’, and ‘"unclassified"’, or the banner can be omitted to disable secure printing functions.
Defaults to ‘""’.
cups-configuration
parameter: boolean classify-override?Specifies whether users may override the classification (cover page) of
individual print jobs using the job-sheets
option.
Defaults to ‘#f’.
cups-configuration
parameter: default-auth-type default-auth-typeSpecifies the default type of authentication to use.
Defaults to ‘Basic’.
cups-configuration
parameter: default-encryption default-encryptionSpecifies whether encryption will be used for authenticated requests.
Defaults to ‘Required’.
cups-configuration
parameter: string default-languageSpecifies the default language to use for text and web content.
Defaults to ‘"en"’.
cups-configuration
parameter: string default-paper-sizeSpecifies the default paper size for new print queues. ‘"Auto"’ uses a locale-specific default, while ‘"None"’ specifies there is no default paper size. Specific size names are typically ‘"Letter"’ or ‘"A4"’.
Defaults to ‘"Auto"’.
cups-configuration
parameter: string default-policySpecifies the default access policy to use.
Defaults to ‘"default"’.
Specifies whether local printers are shared by default.
Defaults to ‘#t’.
cups-configuration
parameter: non-negative-integer dirty-clean-intervalSpecifies the delay for updating of configuration and state files, in seconds. A value of 0 causes the update to happen as soon as possible, typically within a few milliseconds.
Defaults to ‘30’.
cups-configuration
parameter: error-policy error-policySpecifies what to do when an error occurs. Possible values are
abort-job
, which will discard the failed print job;
retry-job
, which will retry the job at a later time;
retry-current-job
, which retries the failed job immediately; and
stop-printer
, which stops the printer.
Defaults to ‘stop-printer’.
cups-configuration
parameter: non-negative-integer filter-limitSpecifies the maximum cost of filters that are run concurrently, which can be used to minimize disk, memory, and CPU resource problems. A limit of 0 disables filter limiting. An average print to a non-PostScript printer needs a filter limit of about 200. A PostScript printer needs about half that (100). Setting the limit below these thresholds will effectively limit the scheduler to printing a single job at any time.
Defaults to ‘0’.
cups-configuration
parameter: non-negative-integer filter-niceSpecifies the scheduling priority of filters that are run to print a job. The nice value ranges from 0, the highest priority, to 19, the lowest priority.
Defaults to ‘0’.
cups-configuration
parameter: host-name-lookups host-name-lookupsSpecifies whether to do reverse lookups on connecting clients. The
double
setting causes cupsd
to verify that the hostname
resolved from the address matches one of the addresses returned for that
hostname. Double lookups also prevent clients with unregistered
addresses from connecting to your server. Only set this option to
#t
or double
if absolutely required.
Defaults to ‘#f’.
cups-configuration
parameter: non-negative-integer job-kill-delaySpecifies the number of seconds to wait before killing the filters and backend associated with a canceled or held job.
Defaults to ‘30’.
cups-configuration
parameter: non-negative-integer job-retry-intervalSpecifies the interval between retries of jobs in seconds. This is
typically used for fax queues but can also be used with normal print
queues whose error policy is retry-job
or
retry-current-job
.
Defaults to ‘30’.
cups-configuration
parameter: non-negative-integer job-retry-limitSpecifies the number of retries that are done for jobs. This is
typically used for fax queues but can also be used with normal print
queues whose error policy is retry-job
or
retry-current-job
.
Defaults to ‘5’.
cups-configuration
parameter: boolean keep-alive?Specifies whether to support HTTP keep-alive connections.
Defaults to ‘#t’.
cups-configuration
parameter: non-negative-integer limit-request-bodySpecifies the maximum size of print files, IPP requests, and HTML form data. A limit of 0 disables the limit check.
Defaults to ‘0’.
cups-configuration
parameter: multiline-string-list listenListens on the specified interfaces for connections. Valid values are
of the form address:port, where address is either an
IPv6 address enclosed in brackets, an IPv4 address, or *
to
indicate all addresses. Values can also be file names of local UNIX
domain sockets. The Listen directive is similar to the Port directive
but allows you to restrict access to specific interfaces or networks.
cups-configuration
parameter: non-negative-integer listen-back-logSpecifies the number of pending connections that will be allowed. This normally only affects very busy servers that have reached the MaxClients limit, but can also be triggered by large numbers of simultaneous connections. When the limit is reached, the operating system will refuse additional connections until the scheduler can accept the pending ones.
Defaults to ‘128’.
cups-configuration
parameter: location-access-control-list location-access-controlsSpecifies a set of additional access controls.
Available location-access-controls
fields are:
location-access-controls
parameter: file-name pathSpecifies the URI path to which the access control applies.
location-access-controls
parameter: access-control-list access-controlsAccess controls for all access to this path, in the same format as the
access-controls
of operation-access-control
.
Defaults to ‘()’.
location-access-controls
parameter: method-access-control-list method-access-controlsAccess controls for method-specific access to this path.
Defaults to ‘()’.
Available method-access-controls
fields are:
method-access-controls
parameter: boolean reverse?If #t
, apply access controls to all methods except the listed
methods. Otherwise apply to only the listed methods.
Defaults to ‘#f’.
method-access-controls
parameter: method-list methodsMethods to which this access control applies.
Defaults to ‘()’.
method-access-controls
parameter: access-control-list access-controlsAccess control directives, as a list of strings. Each string should be one directive, such as ‘"Order allow,deny"’.
Defaults to ‘()’.
cups-configuration
parameter: non-negative-integer log-debug-historySpecifies the number of debugging messages that are retained for logging if an error occurs in a print job. Debug messages are logged regardless of the LogLevel setting.
Defaults to ‘100’.
cups-configuration
parameter: log-level log-levelSpecifies the level of logging for the ErrorLog file. The value
none
stops all logging while debug2
logs everything.
Defaults to ‘info’.
cups-configuration
parameter: log-time-format log-time-formatSpecifies the format of the date and time in the log files. The value
standard
logs whole seconds while usecs
logs microseconds.
Defaults to ‘standard’.
cups-configuration
parameter: non-negative-integer max-clientsSpecifies the maximum number of simultaneous clients that are allowed by the scheduler.
Defaults to ‘100’.
cups-configuration
parameter: non-negative-integer max-clients-per-hostSpecifies the maximum number of simultaneous clients that are allowed from a single address.
Defaults to ‘100’.
cups-configuration
parameter: non-negative-integer max-copiesSpecifies the maximum number of copies that a user can print of each job.
Defaults to ‘9999’.
cups-configuration
parameter: non-negative-integer max-hold-timeSpecifies the maximum time a job may remain in the indefinite
hold state before it is canceled. A value of 0 disables cancellation of
held jobs.
Defaults to ‘0’.
cups-configuration
parameter: non-negative-integer max-jobsSpecifies the maximum number of simultaneous jobs that are allowed. Set to 0 to allow an unlimited number of jobs.
Defaults to ‘500’.
cups-configuration
parameter: non-negative-integer max-jobs-per-printerSpecifies the maximum number of simultaneous jobs that are allowed per printer. A value of 0 allows up to MaxJobs jobs per printer.
Defaults to ‘0’.
cups-configuration
parameter: non-negative-integer max-jobs-per-userSpecifies the maximum number of simultaneous jobs that are allowed per user. A value of 0 allows up to MaxJobs jobs per user.
Defaults to ‘0’.
cups-configuration
parameter: non-negative-integer max-job-timeSpecifies the maximum time a job may take to print before it is canceled, in seconds. Set to 0 to disable cancellation of “stuck” jobs.
Defaults to ‘10800’.
cups-configuration
parameter: non-negative-integer max-log-sizeSpecifies the maximum size of the log files before they are rotated, in bytes. The value 0 disables log rotation.
Defaults to ‘1048576’.
cups-configuration
parameter: non-negative-integer multiple-operation-timeoutSpecifies the maximum amount of time to allow between files in a multiple file print job, in seconds.
Defaults to ‘900’.
cups-configuration
parameter: string page-log-formatSpecifies the format of PageLog lines. Sequences beginning with percent (‘%’) characters are replaced with the corresponding information, while all other characters are copied literally. The following percent sequences are recognized:
insert a single percent character
insert the value of the specified IPP attribute
insert the number of copies for the current page
insert the current page number
insert the current date and time in common log format
insert the job ID
insert the printer name
insert the username
A value of the empty string disables page logging. The string %p
%u %j %T %P %C %{job-billing} %{job-originating-host-name}
%{job-name} %{media} %{sides}
creates a page log with the
standard items.
Defaults to ‘""’.
cups-configuration
parameter: environment-variables environment-variablesPasses the specified environment variable(s) to child processes; a list of strings.
Defaults to ‘()’.
cups-configuration
parameter: policy-configuration-list policiesSpecifies named access control policies.
Available policy-configuration
fields are:
policy-configuration
parameter: string nameName of the policy.
policy-configuration
parameter: string job-private-accessSpecifies an access list for a job’s private values. @ACL
maps
to the printer’s requesting-user-name-allowed or
requesting-user-name-denied values. @OWNER
maps to the job’s
owner. @SYSTEM
maps to the groups listed for the
system-group
field of the files-configuration
,
which is reified into the cups-files.conf(5)
file. Other
possible elements of the access list include specific user names, and
@group
to indicate members of a specific group. The
access list may also be simply all
or default
.
Defaults to ‘"@OWNER @SYSTEM"’.
policy-configuration
parameter: string job-private-valuesSpecifies the list of job values to make private, or all
,
default
, or none
.
Defaults to ‘"job-name job-originating-host-name job-originating-user-name phone"’.
policy-configuration
parameter: string subscription-private-accessSpecifies an access list for a subscription’s private values.
@ACL
maps to the printer’s requesting-user-name-allowed or
requesting-user-name-denied values. @OWNER
maps to the job’s
owner. @SYSTEM
maps to the groups listed for the
system-group
field of the files-configuration
,
which is reified into the cups-files.conf(5)
file. Other
possible elements of the access list include specific user names, and
@group
to indicate members of a specific group. The
access list may also be simply all
or default
.
Defaults to ‘"@OWNER @SYSTEM"’.
policy-configuration
parameter: string subscription-private-valuesSpecifies the list of job values to make private, or all
,
default
, or none
.
Defaults to ‘"notify-events notify-pull-method notify-recipient-uri notify-subscriber-user-name notify-user-data"’.
policy-configuration
parameter: operation-access-control-list access-controlsAccess control by IPP operation.
Defaults to ‘()’.
cups-configuration
parameter: boolean-or-non-negative-integer preserve-job-filesSpecifies whether job files (documents) are preserved after a job is printed. If a numeric value is specified, job files are preserved for the indicated number of seconds after printing. Otherwise a boolean value applies indefinitely.
Defaults to ‘86400’.
cups-configuration
parameter: boolean-or-non-negative-integer preserve-job-historySpecifies whether the job history is preserved after a job is printed.
If a numeric value is specified, the job history is preserved for the
indicated number of seconds after printing. If #t
, the job
history is preserved until the MaxJobs limit is reached.
Defaults to ‘#t’.
cups-configuration
parameter: non-negative-integer reload-timeoutSpecifies the amount of time to wait for job completion before restarting the scheduler.
Defaults to ‘30’.
cups-configuration
parameter: string rip-cacheSpecifies the maximum amount of memory to use when converting documents into bitmaps for a printer.
Defaults to ‘"128m"’.
cups-configuration
parameter: string server-adminSpecifies the email address of the server administrator.
Defaults to ‘"root@localhost.localdomain"’.
cups-configuration
parameter: host-name-list-or-* server-aliasThe ServerAlias directive is used for HTTP Host header validation when
clients connect to the scheduler from external interfaces. Using the
special name *
can expose your system to known browser-based DNS
rebinding attacks, even when accessing sites through a firewall. If the
auto-discovery of alternate names does not work, we recommend listing
each alternate name with a ServerAlias directive instead of using
*
.
Defaults to ‘*’.
cups-configuration
parameter: string server-nameSpecifies the fully-qualified host name of the server.
Defaults to ‘"localhost"’.
cups-configuration
parameter: server-tokens server-tokensSpecifies what information is included in the Server header of HTTP
responses. None
disables the Server header. ProductOnly
reports CUPS
. Major
reports CUPS 2
. Minor
reports CUPS 2.0
. Minimal
reports CUPS 2.0.0
.
OS
reports CUPS 2.0.0 (uname)
where uname is
the output of the uname
command. Full
reports CUPS
2.0.0 (uname) IPP/2.0
.
Defaults to ‘Minimal’.
cups-configuration
parameter: multiline-string-list ssl-listenListens on the specified interfaces for encrypted connections. Valid
values are of the form address:port, where address is
either an IPv6 address enclosed in brackets, an IPv4 address, or
*
to indicate all addresses.
Defaults to ‘()’.
cups-configuration
parameter: ssl-options ssl-optionsSets encryption options. By default, CUPS only supports encryption
using TLS v1.0 or higher using known secure cipher suites. Security is
reduced when Allow
options are used, and enhanced when Deny
options are used. The AllowRC4
option enables the 128-bit RC4 cipher
suites, which are required for some older clients. The AllowSSL3
option
enables SSL v3.0, which is required for some older clients that do not support
TLS v1.0. The DenyCBC
option disables all CBC cipher suites. The
DenyTLS1.0
option disables TLS v1.0 support - this sets the minimum
protocol version to TLS v1.1.
Defaults to ‘()’.
cups-configuration
parameter: boolean strict-conformance?Specifies whether the scheduler requires clients to strictly adhere to the IPP specifications.
Defaults to ‘#f’.
cups-configuration
parameter: non-negative-integer timeoutSpecifies the HTTP request timeout, in seconds.
Defaults to ‘900’.
cups-configuration
parameter: boolean web-interface?Specifies whether the web interface is enabled.
Defaults to ‘#f’.
At this point you’re probably thinking “oh dear, Guix manual, I like
you but you can stop already with the configuration options”. Indeed.
However, one more point: it could be that you have an existing
cupsd.conf
that you want to use. In that case, you can pass an
opaque-cups-configuration
as the configuration of a
cups-service-type
.
Available opaque-cups-configuration
fields are:
opaque-cups-configuration
parameter: package cupsThe CUPS package.
opaque-cups-configuration
parameter: string cupsd.confThe contents of the cupsd.conf
, as a string.
opaque-cups-configuration
parameter: string cups-files.confThe contents of the cups-files.conf
file, as a string.
For example, if your cupsd.conf
and cups-files.conf
are in
strings of the same name, you could instantiate a CUPS service like
this:
(service cups-service-type (opaque-cups-configuration (cupsd.conf cupsd.conf) (cups-files.conf cups-files.conf)))
Next: Desktop Services, Previous: X Window, Up: Services [Contents][Index]