Diffstat (limited to 'nixos/modules/services/networking')
-rw-r--r-- | nixos/modules/services/networking/nat.nix | 13 | ||||
-rw-r--r-- | nixos/modules/services/networking/ssh/sshd.nix | 2 | ||||
-rw-r--r-- | nixos/modules/services/networking/teamspeak3.nix | 47 |
3 files changed, 28 insertions, 34 deletions
diff --git a/nixos/modules/services/networking/nat.nix b/nixos/modules/services/networking/nat.nix index f35b0f68e3ef..9d163e60d5ea 100644 --- a/nixos/modules/services/networking/nat.nix +++ b/nixos/modules/services/networking/nat.nix @@ -12,9 +12,6 @@ let dest = if cfg.externalIP == null then "-j MASQUERADE" else "-j SNAT --to-source ${cfg.externalIP}"; - externalInterfaceFilter = param: - optionalString (cfg.externalInterface != null) "${param} ${cfg.externalInterface}"; - flushNat = '' iptables -w -t nat -D PREROUTING -j nixos-nat-pre 2>/dev/null|| true iptables -w -t nat -F nixos-nat-pre 2>/dev/null || true @@ -39,20 +36,19 @@ let # NAT the marked packets. ${optionalString (cfg.internalInterfaces != []) '' iptables -w -t nat -A nixos-nat-post -m mark --mark 1 \ - ${externalInterfaceFilter "-o"} ${dest} + -o ${cfg.externalInterface} ${dest} ''} # NAT packets coming from the internal IPs. ${concatMapStrings (range: '' iptables -w -t nat -A nixos-nat-post \ - -s '${range}' \! -d '${range}' - ${externalInterfaceFilter "-o"} ${dest} + -s '${range}' -o ${cfg.externalInterface} ${dest} '') cfg.internalIPs} # NAT from external ports to internal ports. ${concatMapStrings (fwd: '' iptables -w -t nat -A nixos-nat-pre \ - ${externalInterfaceFilter "-i"} -p tcp \ + -i ${cfg.externalInterface} -p tcp \ --dport ${builtins.toString fwd.sourcePort} \ -j DNAT --to-destination ${fwd.destination} '') cfg.forwardPorts} @@ -104,8 +100,7 @@ in }; networking.nat.externalInterface = mkOption { - type = types.nullOr types.str; - default = null; + type = types.str; example = "eth1"; description = '' diff --git a/nixos/modules/services/networking/ssh/sshd.nix b/nixos/modules/services/networking/ssh/sshd.nix index 5971a5a250d3..a464733a6a03 100644 --- a/nixos/modules/services/networking/ssh/sshd.nix +++ b/nixos/modules/services/networking/ssh/sshd.nix 
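Review bot: The interface name is spliced into the generated iptables commands unquoted at the three new sites in the hunk at -39,20 (`-o ${cfg.externalInterface} ${dest}` twice and `-i ${cfg.externalInterface} -p tcp`), while `${range}` in the same rule is single-quoted. The last nat.nix hunk makes the option a plain `types.str`, so an empty value or one containing whitespace or shell metacharacters would alter the command that gets run instead of failing cleanly. I would write `-o ${escapeShellArg cfg.externalInterface} ${dest}` and `-i ${escapeShellArg cfg.externalInterface} -p tcp \`, assuming `lib.escapeShellArg` is in scope here like the other `lib` helpers the file uses. The same hunk also drops `\! -d '${range}'` from the internal-IPs rule; if that is intended, a comment such as `# traffic between hosts in the same range is matched too; only the outgoing interface limits it` would record the decision.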
@@ -195,7 +195,7 @@ in authorizedKeysFiles = mkOption { type = types.listOf types.str; default = []; - description = "Files from with authorized keys are read."; + description = "Files from which authorized keys are read."; }; extraConfig = mkOption { diff --git a/nixos/modules/services/networking/teamspeak3.nix b/nixos/modules/services/networking/teamspeak3.nix index b3656d73dec0..5f04926eed24 100644 --- a/nixos/modules/services/networking/teamspeak3.nix +++ b/nixos/modules/services/networking/teamspeak3.nix @@ -10,13 +10,12 @@ let in { - + ###### interface options = { services.teamspeak3 = { - enable = mkOption { type = types.bool; default = false; @@ -96,34 +95,32 @@ in ###### implementation - config = mkIf cfg.enable { - - users.extraUsers.teamspeak = - { name = "teamspeak"; + config = mkMerge [ + (mkIf cfg.enable { + users.users.teamspeak = { description = "Teamspeak3 voice communication server daemon"; group = group; uid = config.ids.uids.teamspeak; + home = cfg.dataDir; + createHome = true; }; - users.extraGroups.teamspeak = - { name = "teamspeak"; + users.groups.teamspeak = { gid = config.ids.gids.teamspeak; }; - systemd.services.teamspeak3-server = { - description = "Teamspeak3 voice communication server daemon"; - after = [ "network.target" ]; - wantedBy = [ "multi-user.target" ]; + systemd.services.teamspeak3-server = { + description = "Teamspeak3 voice communication server daemon"; + after = [ "network.target" ]; + wantedBy = [ "multi-user.target" ]; - preStart = '' - mkdir -p ${cfg.dataDir} - mkdir -p ${cfg.logPath} - chown ${user}:${group} ${cfg.dataDir} - chown ${user}:${group} ${cfg.logPath} - ''; + preStart = '' + mkdir -p ${cfg.logPath} + chown ${user}:${group} ${cfg.logPath} + ''; - serviceConfig = - { ExecStart = '' + serviceConfig = { + ExecStart = '' ${ts3}/bin/ts3server \ dbsqlpath=${ts3}/lib/teamspeak/sql/ logpath=${cfg.logPath} \ voice_ip=${cfg.voiceIP} default_voice_port=${toString cfg.defaultVoicePort} \ 
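Review bot: The `preStart` that remains in the teamspeak3.nix hunk at -96,34 still runs `mkdir -p ${cfg.logPath}` and `chown ${user}:${group} ${cfg.logPath}` with the path unquoted, and, given `PermissionsStartOnly = true` in the following hunk, with root permissions. I would quote the path, `mkdir -p ${escapeShellArg cfg.logPath}` and `chown ${user}:${group} ${escapeShellArg cfg.logPath}`, assuming `lib.escapeShellArg` is in scope. If `logPath` can be configured to sit inside `dataDir`, which this hunk now makes the service user's home, the root-run `chown` operates on a path that user controls. The option defaults are outside the hunk, so this needs checking; keeping the log directory outside the user-writable tree, or letting the service create it as its own user, would avoid the privileged `chown`. The `serviceConfig` block continues past the end of the hunk.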
@@ -133,10 +130,12 @@ in WorkingDirectory = cfg.dataDir; User = user; Group = group; - PermissionsStartOnly = true; # preStart needs to run with root permissions + PermissionsStartOnly = true; }; }; - - }; - + }) + { + meta.maintainers = with lib.maintainers; [ arobyn ]; + } + ]; } |
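Review bot: The explanation on `PermissionsStartOnly = true;` is dropped here, but the setting still matters for the same reason, because `preStart` still creates and chowns `logPath`, presumably something the `teamspeak` user cannot do for itself. Without the comment the next reader has no hint that removing the line changes which user runs `preStart`. I would keep it, updated to the current behaviour: `PermissionsStartOnly = true; # preStart runs as root to create and chown logPath`. The `serviceConfig` attribute set starts before this hunk.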