add teamspeak6 server

1 files changed, 183 insertions, 0 deletions

diff --git a/modules/teamspeak/teamspeak6-server.nix b/modules/teamspeak/teamspeak6-server.nix
new file mode 100644
index 0000000..b637031
--- /dev/null
+++ b/modules/teamspeak/teamspeak6-server.nix
@@ -0,0 +1,183 @@
+{ config, lib, pkgs, ... }:
+
+with lib;
+
+let
+  cfg = config.services.teamspeak6;
+  user = "teamspeak6";
+  group = "teamspeak6";
+in
+{
+  options = {
+    services.teamspeak6 = {
+      enable = mkOption {
+        type = types.bool;
+        default = false;
+        description = ''
+          Whether to run the Teamspeak 6 voice communication server daemon.
+        '';
+      };
+
+      package = mkPackageOption pkgs "teamspeak6-server" {};
+
+      dataDir = mkOption {
+        type = types.path;
+        default = "/var/lib/teamspeak6-server";
+        description = ''
+          Directory to store TS6 database and other state/data files.
+        '';
+      };
+
+      logPath = mkOption {
+        type = types.path;
+        default = "/var/log/teamspeak6-server/";
+        description = ''
+          Directory to store log files in.
+        '';
+      };
+
+      voiceIP = mkOption {
+        type = types.nullOr types.str;
+        default = null;
+        example = "[::]";
+        description = ''
+          IP on which the server instance will listen for incoming voice connections. Defaults to any IP.
+        '';
+      };
+
+      defaultVoicePort = mkOption {
+        type = types.port;
+        default = 9987;
+        description = ''
+          Default UDP port for clients to connect to virtual servers - used for first virtual server, subsequent ones will open on incrementing port numbers by default.
+        '';
+      };
+
+      fileTransferIP = mkOption {
+        type = types.nullOr types.str;
+        default = null;
+        example = "[::]";
+        description = ''
+          IP on which the server instance will listen for incoming file transfer connections. Defaults to any IP.
+        '';
+      };
+
+      fileTransferPort = mkOption {
+        type = types.port;
+        default = 30033;
+        description = ''
+          TCP port opened for file transfers.
+        '';
+      };
+
+      queryIP = mkOption {
+        type = types.nullOr types.str;
+        default = null;
+        example = "0.0.0.0";
+        description = ''
+          IP on which the server instance will listen for incoming ServerQuery connections. Defaults to any IP.
+        '';
+      };
+
+      queryPort = mkOption {
+        type = types.port;
+        default = 10011;
+        description = ''
+          TCP port opened for ServerQuery connections using the raw telnet protocol.
+        '';
+      };
+
+      querySshPort = mkOption {
+        type = types.port;
+        default = 10022;
+        description = ''
+          TCP port opened for ServerQuery connections using the SSH protocol.
+        '';
+      };
+
+      queryHttpPort = mkOption {
+        type = types.port;
+        default = 10080;
+        description = ''
+          TCP port opened for ServerQuery connections using the HTTP protocol.
+        '';
+      };
+
+      openFirewall = mkOption {
+        type = types.bool;
+        default = false;
+        description = "Open ports in the firewall for the TeamSpeak3 server.";
+      };
+
+      openFirewallServerQuery = mkOption {
+        type = types.bool;
+        default = false;
+        description = "Open ports in the firewall for the TeamSpeak3 serverquery (administration) system. Requires openFirewall.";
+      };
+    };
+  };
+
+  config = mkIf cfg.enable {
+    users.users."${user}" = {
+      description = "Teamspeak6 voice communication server daemon";
+      group = group;
+      # uid = config.ids.uids.teamspeak;
+      home = cfg.dataDir;
+      createHome = true;
+      isSystemUser = true;
+    };
+
+    users.groups."${group}" = {
+      # gid = config.ids.gids.teamspeak;
+    };
+
+    systemd.tmpfiles.rules = [
+      "d '${cfg.logPath}' - ${user} ${group} - -"
+    ];
+
+    networking.firewall = mkIf cfg.openFirewall {
+      allowedTCPPorts = [
+        cfg.fileTransferPort
+      ]
+      ++ (map (port: mkIf cfg.openFirewallServerQuery port) [
+        cfg.queryPort
+        cfg.querySshPort
+        cfg.queryHttpPort
+      ]);
+      # subsequent vServers will use the incremented voice port, let's just open the next 10
+      allowedUDPPortRanges = [
+        {
+          from = cfg.defaultVoicePort;
+          to = cfg.defaultVoicePort + 10;
+        }
+      ];
+    };
+
+    systemd.services.teamspeak6-server = {
+      description = "Teamspeak6 voice communication server daemon";
+      after = [ "network.target" ];
+      wantedBy = [ "multi-user.target" ];
+
+      serviceConfig = {
+        ExecStart = ''
+          ${cfg.package}/bin/tsserver \
+            --db-sql-path=${cfg.package}/share/teamspeak6-server/sql/ \
+            --log-path=${cfg.logPath} \
+            --accept-license=1 \
+            --default-voice-port=${toString cfg.defaultVoicePort} \
+            --filetransfer-port=${toString cfg.fileTransferPort} \
+            --query-ssh-port=${toString cfg.querySshPort} \
+            --query-http-port=${toString cfg.queryHttpPort} \
+            ${optionalString (cfg.voiceIP != null) "--voice-ip=${cfg.voiceIP}"} \
+            ${optionalString (cfg.fileTransferIP != null) "--filetransfer-ip=${cfg.fileTransferIP}"} \
+            ${optionalString (cfg.queryIP != null) "--query-ssh-ip=${cfg.queryIP}"} \
+            ${optionalString (cfg.queryIP != null) "--query-http-ip=${cfg.queryIP}"} \
+        '';
+        WorkingDirectory = cfg.dataDir;
+        User = user;
+        Group = group;
+        Restart = "on-failure";
+      };
+    };
+  };
+}