authorMaciej Krüger <mkg20001@gmail.com>2021-11-04 03:30:24 +0100
committerMaciej Krüger <mkg20001@gmail.com>2021-11-07 08:18:18 +0100
commitdd4a34019a1a6701bb92ea2fde8a9a0e3b83f24e (patch)
tree9f78a377537ff2a7e052afbfd451020438f622fe
parent83c93c8e1c01425d69bf06b2bf3c0ac5f9282443 (diff)
nixos/teamspeak: add openFirewall, openFirewallServerQuery
Also set the default address to v6, as v6-any always enables v4-any, but not always the other way around
-rw-r--r--nixos/modules/services/networking/teamspeak3.nix22
1 files changed, 20 insertions, 2 deletions
diff --git a/nixos/modules/services/networking/teamspeak3.nix b/nixos/modules/services/networking/teamspeak3.nix
index fadb32dcd77..c0ed08282aa 100644
--- a/nixos/modules/services/networking/teamspeak3.nix
+++ b/nixos/modules/services/networking/teamspeak3.nix
@@ -43,7 +43,7 @@ in
       voiceIP = mkOption {
         type = types.nullOr types.str;
         default = null;
-        example = "0.0.0.0";
+        example = "[::]";
         description = ''
           IP on which the server instance will listen for incoming voice connections. Defaults to any IP.
         '';
@@ -60,7 +60,7 @@ in
       fileTransferIP = mkOption {
         type = types.nullOr types.str;
         default = null;
-        example = "0.0.0.0";
+        example = "[::]";
         description = ''
           IP on which the server instance will listen for incoming file transfer connections. Defaults to any IP.
         '';
@@ -91,6 +91,18 @@ in
         '';
       };
 
+      openFirewall = mkOption {
+        type = types.bool;
+        default = false;
+        description = "Open ports in the firewall for the TeamSpeak3 server.";
+      };
+
+      openFirewallServerQuery = mkOption {
+        type = types.bool;
+        default = false;
+        description = "Open ports in the firewall for the TeamSpeak3 serverquery (administration) system. Requires openFirewall.";
+      };
+
     };
 
   };
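Review bot: The description of `openFirewallServerQuery` does not say that the option is silently ignored when `openFirewall` is false, nor that it exposes the administration interface on every interface the firewall covers. "Requires openFirewall" reads like a precondition that would be checked, but nothing visible in this commit asserts it. I would spell that out in the text, for example `description = "Open the ServerQuery (administration) TCP ports in the firewall. Has no effect unless openFirewall is also enabled. Only enable this when the query interface must be reachable from outside the host.";`. The `openFirewall` description could likewise state that it opens the file transfer TCP port and a range of UDP voice ports, so an operator knows what becomes reachable.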
@@ -115,6 +127,12 @@ in
       "d '${cfg.logPath}' - ${user} ${group} - -"
     ];
 
+    networking.firewall = mkIf cfg.openFirewall {
+      allowedTCPPorts = [ cfg.fileTransferPort ] ++ optionals (cfg.openFirewallServerQuery) [ cfg.queryPort (cfg.queryPort + 11) ];
+      # subsequent vServers will use the incremented voice port, let's just open the next 10
+      allowedUDPPortRanges = [ { from = cfg.defaultVoicePort; to = cfg.defaultVoicePort + 10; } ];
+    };
+
     systemd.services.teamspeak3-server = {
       description = "Teamspeak3 voice communication server daemon";
       after = [ "network.target" ];
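Review bot: `cfg.queryPort + 11` in `allowedTCPPorts` hard-codes an offset that presumably maps the raw query port to the SSH query port under TeamSpeak's stock port layout. Nothing visible here ties the second port to `queryPort`, so with a customised `queryPort` the rule may open an unrelated TCP port and leave the real one closed. At minimum, document the assumption next to the expression, e.g. `# queryPort + 11 is the SSH serverquery port only with the default port layout`; a dedicated option for that port would be better. The UDP range also opens eleven ports whether or not additional virtual servers exist, so a configurable count defaulting to the single voice port would keep the exposed surface tighter. The `systemd.services.teamspeak3-server` block continues outside the hunk, so how the server is actually told its ports is not visible here.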