Diffstat (limited to 'nixos/modules/services/networking')
-rw-r--r--nixos/modules/services/networking/nat.nix13
-rw-r--r--nixos/modules/services/networking/ssh/sshd.nix2
-rw-r--r--nixos/modules/services/networking/teamspeak3.nix47
3 files changed, 28 insertions, 34 deletions
diff --git a/nixos/modules/services/networking/nat.nix b/nixos/modules/services/networking/nat.nix
index f35b0f68e3ef..9d163e60d5ea 100644
--- a/nixos/modules/services/networking/nat.nix
+++ b/nixos/modules/services/networking/nat.nix
@@ -12,9 +12,6 @@ let
 
   dest = if cfg.externalIP == null then "-j MASQUERADE" else "-j SNAT --to-source ${cfg.externalIP}";
 
-  externalInterfaceFilter = param:
-    optionalString (cfg.externalInterface != null) "${param} ${cfg.externalInterface}";
-
   flushNat = ''
     iptables -w -t nat -D PREROUTING -j nixos-nat-pre 2>/dev/null|| true
     iptables -w -t nat -F nixos-nat-pre 2>/dev/null || true
@@ -39,20 +36,19 @@ let
     # NAT the marked packets.
     ${optionalString (cfg.internalInterfaces != []) ''
       iptables -w -t nat -A nixos-nat-post -m mark --mark 1 \
-        ${externalInterfaceFilter "-o"} ${dest}
+        -o ${cfg.externalInterface} ${dest}
     ''}
 
     # NAT packets coming from the internal IPs.
     ${concatMapStrings (range: ''
       iptables -w -t nat -A nixos-nat-post \
-        -s '${range}' \! -d '${range}'
-        ${externalInterfaceFilter "-o"} ${dest}
+        -s '${range}' -o ${cfg.externalInterface} ${dest}
     '') cfg.internalIPs}
 
     # NAT from external ports to internal ports.
     ${concatMapStrings (fwd: ''
       iptables -w -t nat -A nixos-nat-pre \
-        ${externalInterfaceFilter "-i"} -p tcp \
+        -i ${cfg.externalInterface} -p tcp \
         --dport ${builtins.toString fwd.sourcePort} \
         -j DNAT --to-destination ${fwd.destination}
     '') cfg.forwardPorts}
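Review bot: `${cfg.externalInterface}` is interpolated unquoted into the generated iptables script on all three added lines, while `${range}` right next to it is single-quoted. The option is a free-form string, so a value containing whitespace or shell metacharacters would be split or interpreted by the shell that runs these rules (presumably as root); `-o ${escapeShellArg cfg.externalInterface} ${dest}`, and the same for `-i`, keeps it a single argument. The internal-IP rule also loses `\! -d '${range}'`, so traffic from a range to itself that leaves through the external interface is now NATed; if that is intended, a short comment on the rule would record why. The surrounding let-binding starts and ends outside this hunk.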
@@ -104,8 +100,7 @@ in
     };
 
     networking.nat.externalInterface = mkOption {
-      type = types.nullOr types.str;
-      default = null;
+      type = types.str;
       example = "eth1";
       description =
         ''
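Review bot: After this change `externalInterface` has no default and is typed as plain `types.str`, which still accepts the empty string; the rules in this file would then render as `-o  -j MASQUERADE`, with no interface name. An assertion in the module's `config` such as `{ assertion = cfg.externalInterface != ""; message = "networking.nat.externalInterface must name an interface."; }` would turn that into a clear evaluation error. Configurations that enabled NAT with only `internalIPs` set will presumably stop evaluating, so the description (which continues outside the hunk) should say the option is now required.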
diff --git a/nixos/modules/services/networking/ssh/sshd.nix b/nixos/modules/services/networking/ssh/sshd.nix
index 5971a5a250d3..a464733a6a03 100644
--- a/nixos/modules/services/networking/ssh/sshd.nix
+++ b/nixos/modules/services/networking/ssh/sshd.nix
@@ -195,7 +195,7 @@ in
       authorizedKeysFiles = mkOption {
         type = types.listOf types.str;
         default = [];
-        description = "Files from with authorized keys are read.";
+        description = "Files from which authorized keys are read.";
       };
 
       extraConfig = mkOption {
diff --git a/nixos/modules/services/networking/teamspeak3.nix b/nixos/modules/services/networking/teamspeak3.nix
index b3656d73dec0..5f04926eed24 100644
--- a/nixos/modules/services/networking/teamspeak3.nix
+++ b/nixos/modules/services/networking/teamspeak3.nix
@@ -10,13 +10,12 @@ let
 in
 
 {
-  
+
   ###### interface
 
   options = {
 
     services.teamspeak3 = {
-
       enable = mkOption {
         type = types.bool;
         default = false;
@@ -96,34 +95,32 @@ in
 
   ###### implementation
 
-  config = mkIf cfg.enable {
-
-    users.extraUsers.teamspeak =
-      { name = "teamspeak";
+  config = mkMerge [
+    (mkIf cfg.enable {
+      users.users.teamspeak = {
         description = "Teamspeak3 voice communication server daemon";
         group = group;
         uid = config.ids.uids.teamspeak;
+        home = cfg.dataDir;
+        createHome = true;
       };
 
-    users.extraGroups.teamspeak =
-      { name = "teamspeak";
+      users.groups.teamspeak = {
         gid = config.ids.gids.teamspeak;
       };
 
-    systemd.services.teamspeak3-server = { 
-      description = "Teamspeak3 voice communication server daemon";
-      after = [ "network.target" ];
-      wantedBy = [ "multi-user.target" ];
+      systemd.services.teamspeak3-server = {
+        description = "Teamspeak3 voice communication server daemon";
+        after = [ "network.target" ];
+        wantedBy = [ "multi-user.target" ];
 
-      preStart = ''
-        mkdir -p ${cfg.dataDir}
-        mkdir -p ${cfg.logPath}
-        chown ${user}:${group} ${cfg.dataDir}
-        chown ${user}:${group} ${cfg.logPath}
-      '';
+        preStart = ''
+          mkdir -p ${cfg.logPath}
+          chown ${user}:${group} ${cfg.logPath}
+        '';
 
-      serviceConfig =
-        { ExecStart = ''
+        serviceConfig = {
+          ExecStart = ''
             ${ts3}/bin/ts3server \
               dbsqlpath=${ts3}/lib/teamspeak/sql/ logpath=${cfg.logPath} \
               voice_ip=${cfg.voiceIP} default_voice_port=${toString cfg.defaultVoicePort} \
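Review bot: `preStart` still runs `chown ${user}:${group} ${cfg.logPath}` with root permissions (`PermissionsStartOnly = true` is kept further down), and plain `chown` follows symlinks. If `logPath` is ever configured beneath `cfg.dataDir`, which this change makes the service user's home, that user could replace the path with a symlink and have root change ownership of the target on the next start. Using `chown -h ${user}:${group} ${cfg.logPath}` avoids that, and a comment stating that `logPath` must not live in a service-writable directory would help. The `serviceConfig` block continues outside this hunk.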
@@ -133,10 +130,12 @@ in
           WorkingDirectory = cfg.dataDir;
           User = user;
           Group = group;
-          PermissionsStartOnly = true; # preStart needs to run with root permissions
+          PermissionsStartOnly = true;
         };
       };
-
-  };
-
+    })
+    {
+      meta.maintainers = with lib.maintainers; [ arobyn ];
+    }
+  ];
 }
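Review bot: The comment on `PermissionsStartOnly = true` is removed although the setting stays, and it was the only hint that `preStart` runs as root while `ExecStart` runs as `User`/`Group`. I would keep it, for example `PermissionsStartOnly = true; # preStart runs as root to create and chown the log directory`. Separately, `meta.maintainers` is added as a second `mkMerge` entry; if the module system in this tree accepts `meta` as a top-level module attribute beside `options` and `config`, placing it there would avoid wrapping the whole `config` value. The `serviceConfig` attribute set starts outside this hunk.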