
Merge pull request #144965 from mkg20001/ts-firewall

authored by Maciej Krüger and committed by GitHub dc19eaec 9ef49d13

+20 -2
+20 -2
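--- a/nixos/modules/services/networking/teamspeak3.nix
+++ b/nixos/modules/services/networking/teamspeak3.nix
@@ -43,7 +43,7 @@
 voiceIP = mkOption {
 type = types.nullOr types.str;
 default = null;
-example = "0.0.0.0";
+example = "[::]";
 description = ''
 IP on which the server instance will listen for incoming voice connections. Defaults to any IP.
 '';
@@ -60,7 +60,7 @@
 fileTransferIP = mkOption {
 type = types.nullOr types.str;
 default = null;
-example = "0.0.0.0";
+example = "[::]";
 description = ''
 IP on which the server instance will listen for incoming file transfer connections. Defaults to any IP.
 '';
@@ -91,6 +91,18 @@
 '';
 };
 
+openFirewall = mkOption {
+type = types.bool;
+default = false;
+description = "Open ports in the firewall for the TeamSpeak3 server.";
+};
+
+openFirewallServerQuery = mkOption {
+type = types.bool;
+default = false;
+description = "Open ports in the firewall for the TeamSpeak3 serverquery (administration) system. Requires openFirewall.";
+};
+
 };
 
 };
@@ -114,6 +126,12 @@
 systemd.tmpfiles.rules = [
 "d '${cfg.logPath}' - ${user} ${group} - -"
 ];
+
+networking.firewall = mkIf cfg.openFirewall {
+allowedTCPPorts = [ cfg.fileTransferPort ] ++ optionals (cfg.openFirewallServerQuery) [ cfg.queryPort (cfg.queryPort + 11) ];
+# subsequent vServers will use the incremented voice port, let's just open the next 10
+allowedUDPPortRanges = [ { from = cfg.defaultVoicePort; to = cfg.defaultVoicePort + 10; } ];
+};
 
 systemd.services.teamspeak3-server = {
 description = "Teamspeak3 voice communication server daemon";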
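Review bot: In the `networking.firewall` hunk, `openFirewallServerQuery` opens `cfg.queryPort` and the hard-coded `cfg.queryPort + 11` on every interface, and neither the option description nor a comment says what the second port is or that this exposes the server's administration interface. The `+ 11` presumably tracks the stock SSH query port sitting 11 above the raw query port; nothing visible in this section ties the two together, so a non-default `queryPort` may open an unrelated port, and the raw query listener is, as far as I know, an unencrypted telnet-style protocol that should not face untrusted networks. I would add a comment such as `# queryPort = raw (plaintext) ServerQuery, queryPort + 11 = assumed SSH ServerQuery port` and say in the option description that restricting by source address is preferable to opening it globally. Because `openFirewallServerQuery = true` silently does nothing without `openFirewall`, an assertion like `{ assertion = cfg.openFirewallServerQuery -> cfg.openFirewall; message = "openFirewallServerQuery requires openFirewall"; }` would catch the misconfiguration. The enclosing `config` block starts and ends outside the hunk.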