commit dc19eaec1bf52aa5139a66a51f7899386c816596 · tjh.dev/nixpkgs

tjh.dev / nixpkgs

Clone of https://github.com/NixOS/nixpkgs.git (to stress-test knotserver)

fork atom

Merge pull request #144965 from mkg20001/ts-firewall

authored by Maciej Krüger and committed by GitHub 4 years ago dc19eaec 9ef49d13

+20 -2

1 changed file

expand all

unified split

nixos

modules

services

networking

teamspeak3.nix

+20 -2

nixos/modules/services/networking/teamspeak3.nix

··· 43 voiceIP = mkOption { 44 type = types.nullOr types.str; 45 default = null; 46 - example = "0.0.0.0"; 47 description = '' 48 IP on which the server instance will listen for incoming voice connections. Defaults to any IP. 49 ''; ··· 60 fileTransferIP = mkOption { 61 type = types.nullOr types.str; 62 default = null; 63 - example = "0.0.0.0"; 64 description = '' 65 IP on which the server instance will listen for incoming file transfer connections. Defaults to any IP. 66 ''; ··· 91 ''; 92 }; 93 94 }; 95 96 }; ··· 114 systemd.tmpfiles.rules = [ 115 "d '${cfg.logPath}' - ${user} ${group} - -" 116 ]; 117 118 systemd.services.teamspeak3-server = { 119 description = "Teamspeak3 voice communication server daemon";

··· 43 voiceIP = mkOption { 44 type = types.nullOr types.str; 45 default = null; 46 + example = "[::]"; 47 description = '' 48 IP on which the server instance will listen for incoming voice connections. Defaults to any IP. 49 ''; ··· 60 fileTransferIP = mkOption { 61 type = types.nullOr types.str; 62 default = null; 63 + example = "[::]"; 64 description = '' 65 IP on which the server instance will listen for incoming file transfer connections. Defaults to any IP. 66 ''; ··· 91 ''; 92 }; 93 94 + openFirewall = mkOption { 95 + type = types.bool; 96 + default = false; 97 + description = "Open ports in the firewall for the TeamSpeak3 server."; 98 + }; 99 + 100 + openFirewallServerQuery = mkOption { 101 + type = types.bool; 102 + default = false; 103 + description = "Open ports in the firewall for the TeamSpeak3 serverquery (administration) system. Requires openFirewall."; 104 + }; 105 + 106 }; 107 108 }; ··· 126 systemd.tmpfiles.rules = [ 127 "d '${cfg.logPath}' - ${user} ${group} - -" 128 ]; 129 + 130 + networking.firewall = mkIf cfg.openFirewall { 131 + allowedTCPPorts = [ cfg.fileTransferPort ] ++ optionals (cfg.openFirewallServerQuery) [ cfg.queryPort (cfg.queryPort + 11) ]; 132 + # subsequent vServers will use the incremented voice port, let's just open the next 10 133 + allowedUDPPortRanges = [ { from = cfg.defaultVoicePort; to = cfg.defaultVoicePort + 10; } ]; 134 + }; 135 136 systemd.services.teamspeak3-server = { 137 description = "Teamspeak3 voice communication server daemon";