nixos/printing: Add openFirewall option

[onny]

Description of changes

Add

services.printing.openFirewall = true;

option to open TCP ports specified in printing.listenAdddresses required for network printer sharing.

Things done

• Built on platform(s)
  • x86_64-linux
  • aarch64-linux
  • x86_64-darwin
  • aarch64-darwin
• For non-Linux: Is sandbox = true set in nix.conf? (See Nix manual)
• Tested, as applicable:
  • NixOS test(s) (look inside nixos/tests)
  • and/or package tests
  • or, for functions and "core" functionality, tests in lib/tests or pkgs/test
  • made sure NixOS tests are linked to the relevant packages
• Tested compilation of all packages that depend on this change using nix-shell -p nixpkgs-review --run "nixpkgs-review rev HEAD". Note: all changes have to be committed, also see nixpkgs-review usage
• Tested basic functionality of all binary files (usually in ./result/bin/)
• 22.11 Release Notes (or backporting 22.05 Release notes)
  • (Package updates) Added a release notes entry if the change is major or breaking
  • (Module updates) Added a release notes entry if the change is significant
  • (Module addition) Added a release notes entry if adding a new NixOS module
  • (Release notes changes) Ran nixos/doc/manual/md-to-db.sh to update generated release notes
• Fits CONTRIBUTING.md.

[Ma27]

The problem I see here is that when changing listenAddress to use another port, openFirewall opens up the wrong network port, correct?

[onny]

@Ma27 @klemensn Updated the pull request. It now parses the ports in cfg.listenAddresses and puts them into networking.firewall.allowedTCPPorts.

Tested it with nixos-shell and

{ pkgs, ... }: {
  services.printing = {
    enable = true;
    listenAddresses = [
      "*:631"
      "127.0.0.1:632"
    ];
    openFirewall = true;
  };

  networking.firewall.enable = true;
  environment.systemPackages = [ pkgs.nftables ];
}

[klemensn]

I no longer use this code, so can't test.

[drupol]

LGTM