diff options
author | Maciej Krüger <mkg20001@gmail.com> | 2021-11-14 21:23:55 +0100 |
---|---|---|
committer | GitHub <noreply@github.com> | 2021-11-14 21:23:55 +0100 |
commit | dc19eaec1bf52aa5139a66a51f7899386c816596 (patch) | |
tree | ff48d53f5f46ee86802b3d664457678b7d8afbe4 /nixos/modules/services/networking | |
parent | 9ef49d13de4889dcfa78733bd4efac0c6b9c8ff3 (diff) | |
parent | dd4a34019a1a6701bb92ea2fde8a9a0e3b83f24e (diff) | |
download | nixpkgs-dc19eaec1bf52aa5139a66a51f7899386c816596.tar nixpkgs-dc19eaec1bf52aa5139a66a51f7899386c816596.tar.gz nixpkgs-dc19eaec1bf52aa5139a66a51f7899386c816596.tar.bz2 nixpkgs-dc19eaec1bf52aa5139a66a51f7899386c816596.tar.lz nixpkgs-dc19eaec1bf52aa5139a66a51f7899386c816596.tar.xz nixpkgs-dc19eaec1bf52aa5139a66a51f7899386c816596.tar.zst nixpkgs-dc19eaec1bf52aa5139a66a51f7899386c816596.zip |
Merge pull request #144965 from mkg20001/ts-firewall
Diffstat (limited to 'nixos/modules/services/networking')
-rw-r--r-- | nixos/modules/services/networking/teamspeak3.nix | 22 |
1 files changed, 20 insertions, 2 deletions
diff --git a/nixos/modules/services/networking/teamspeak3.nix b/nixos/modules/services/networking/teamspeak3.nix index fadb32dcd77..c0ed08282aa 100644 --- a/nixos/modules/services/networking/teamspeak3.nix +++ b/nixos/modules/services/networking/teamspeak3.nix @@ -43,7 +43,7 @@ in voiceIP = mkOption { type = types.nullOr types.str; default = null; - example = "0.0.0.0"; + example = "[::]"; description = '' IP on which the server instance will listen for incoming voice connections. Defaults to any IP. ''; @@ -60,7 +60,7 @@ in fileTransferIP = mkOption { type = types.nullOr types.str; default = null; - example = "0.0.0.0"; + example = "[::]"; description = '' IP on which the server instance will listen for incoming file transfer connections. Defaults to any IP. ''; @@ -91,6 +91,18 @@ in ''; }; + openFirewall = mkOption { + type = types.bool; + default = false; + description = "Open ports in the firewall for the TeamSpeak3 server."; + }; + + openFirewallServerQuery = mkOption { + type = types.bool; + default = false; + description = "Open ports in the firewall for the TeamSpeak3 serverquery (administration) system. Requires openFirewall."; + }; + }; }; @@ -115,6 +127,12 @@ in "d '${cfg.logPath}' - ${user} ${group} - -" ]; + networking.firewall = mkIf cfg.openFirewall { + allowedTCPPorts = [ cfg.fileTransferPort ] ++ optionals (cfg.openFirewallServerQuery) [ cfg.queryPort (cfg.queryPort + 11) ]; + # subsequent vServers will use the incremented voice port, let's just open the next 10 + allowedUDPPortRanges = [ { from = cfg.defaultVoicePort; to = cfg.defaultVoicePort + 10; } ]; + }; + systemd.services.teamspeak3-server = { description = "Teamspeak3 voice communication server daemon"; after = [ "network.target" ]; |