diff --git a/README.md b/README.md index 6de273a..eb507fb 100644 --- a/README.md +++ b/README.md @@ -1,3 +1,94 @@ -# teamspeak-server +# TeamSpeak 3 Server — silico.ca -TeamSpeak 3 server install notes and config for silico.ca \ No newline at end of file +Install notes and config for the TeamSpeak 3 server running on the Fedora VPS +(`vps-93975aa7.vps.ovh.ca`). The TeamSpeak 5 desktop client talks to TS3 servers, +so "latest" here is TeamSpeak 3 Server 3.13.7 — the current stable release. + +## Connection info + +| Field | Value | +|----------------|------------------------------------| +| Address | `silico.ca` (or `ts.silico.ca`) | +| Voice port | `9987/udp` (default — omit) | +| Query port | `10011/tcp` (ServerQuery) | +| File transfer | `30033/tcp` | +| Version | 3.13.7 (Linux amd64) | + +## Client setup + +1. Download the **TeamSpeak 5** client from + (Windows / macOS / Linux / iOS / Android). The TS3 client still works too. +2. Launch the client and create a free myTeamSpeak identity (or skip and use a + local identity). +3. `Connections` → `Connect`, then enter: + - **Server Nickname or Address:** `silico.ca` + - **Nickname:** whatever you like +4. On first connect you'll be prompted for a **privilege key** — paste the admin + token (see below) to claim Server Admin rights. Only do this on the very + first connection; afterwards you're promoted automatically based on identity. + +### Admin privilege key (one-time use) + +The server generated this on first startup. **Anyone who redeems it becomes +Server Admin**, so use it once and then delete this section, or revoke it from +the server's token list: + +``` +token=VxpG+bVvZHX5bV8UcBJNRW4ADRnGmALLaxBnHhGx +``` + +If it's already been used, generate a new one via ServerQuery +(`privilegekeyadd` with `tokentype=0 tokenid1=6 tokenid2=0`) or by running +`ts3server` with a fresh database. + +## Server install + +Installed under `/opt/teamspeak` owned by the `teamspeak` system user. See +[`install.sh`](install.sh) for the exact steps used. Logs live at +`/opt/teamspeak/logs/`, the SQLite DB at `/opt/teamspeak/ts3server.sqlitedb`. + +The systemd unit is in [`teamspeak.service`](teamspeak.service): + +``` +sudo systemctl {status,restart,stop} teamspeak +sudo journalctl -u teamspeak -f +``` + +## Firewall + +The VPS has no host firewall active (`nftables` and `firewalld` are both +inactive on this Fedora 43 Cloud image), so OVH's upstream network is the only +filter. The three TS3 ports are reachable from the public internet as-is. If a +host firewall is enabled later, open: + +- `9987/udp` — voice +- `10011/tcp` — ServerQuery (optional, consider binding to localhost only) +- `30033/tcp` — file transfer (avatars, channel icons, uploads) + +## Notes to self + +A few things I noticed while putting this together and would want to remember +next time: + +- **bzip2 wasn't installed** on the minimal Fedora Cloud image. The TS3 tarball + is `.tar.bz2`, so `tar -xjf` failed until `dnf install bzip2` ran. Worth + baking into a base provisioning script. +- **License acceptance** has two mechanisms: touching + `.ts3server_license_accepted` in the install dir *and* passing + `license_accepted=1` on the command line. The systemd unit passes the flag, + which is the documented-as-official path; the touch file is belt-and-braces. +- **The admin token is only printed once**, into stdout of the first run. It + gets captured in `journalctl -u teamspeak` but if the journal is wiped before + it's used, you have to generate a replacement via ServerQuery or start from a + fresh DB. I grabbed it from the journal rather than parsing log files because + the log files are named with a timestamp and that's brittle to script. +- **Ports 10080 and 10022 also open** — those are TS3's built-in HTTP + ServerQuery and SSH ServerQuery respectively. They're on by default in 3.13.7. + I left them running but they're candidates for binding to 127.0.0.1 in + `ts3server.ini` if we don't need remote admin. +- **TeamSpeak 5 vs 3 confusion:** TeamSpeak 5 is a client-only rewrite; the + server product is still TS3 and there's no "TeamSpeak 5 Server" to install. + Worth flagging because "latest version" is ambiguous from a user's POV. +- **No DNS record yet** for `ts.silico.ca`. `silico.ca` itself resolves to the + VPS so it works, but a dedicated A record would be tidier and lets us move + the service later without telling everyone a new address. diff --git a/install.sh b/install.sh new file mode 100644 index 0000000..bee4d0e --- /dev/null +++ b/install.sh @@ -0,0 +1,30 @@ +#!/usr/bin/env bash +# Install TeamSpeak 3 Server 3.13.7 on Fedora. +# Run as a user with sudo. Idempotent-ish: re-running will overwrite the install. + +set -euo pipefail + +VERSION=3.13.7 +TARBALL=teamspeak3-server_linux_amd64-${VERSION}.tar.bz2 +URL=https://files.teamspeak-services.com/releases/server/${VERSION}/${TARBALL} +SHA256=775a5731a9809801e4c8f9066cd9bc562a1b368553139c1249f2a0740d50041e + +sudo dnf install -y bzip2 rsync + +cd /tmp +curl -sSLO "$URL" +echo "${SHA256} ${TARBALL}" | sha256sum -c - + +sudo useradd -r -m -d /opt/teamspeak -s /bin/bash teamspeak 2>/dev/null || true +tar -xjf "$TARBALL" +sudo rsync -a teamspeak3-server_linux_amd64/ /opt/teamspeak/ +sudo touch /opt/teamspeak/.ts3server_license_accepted +sudo chown -R teamspeak:teamspeak /opt/teamspeak + +sudo install -m 0644 teamspeak.service /etc/systemd/system/teamspeak.service +sudo systemctl daemon-reload +sudo systemctl enable --now teamspeak.service + +echo +echo "Server started. Admin privilege key (one-time use):" +sudo journalctl -u teamspeak --no-pager | grep -oE 'token=[A-Za-z0-9+/=]+' | tail -1 diff --git a/teamspeak.service b/teamspeak.service new file mode 100644 index 0000000..480cfff --- /dev/null +++ b/teamspeak.service @@ -0,0 +1,17 @@ +[Unit] +Description=TeamSpeak 3 Server +After=network.target + +[Service] +WorkingDirectory=/opt/teamspeak +User=teamspeak +Group=teamspeak +Type=forking +ExecStart=/opt/teamspeak/ts3server_startscript.sh start inifile=ts3server.ini license_accepted=1 +ExecStop=/opt/teamspeak/ts3server_startscript.sh stop +PIDFile=/opt/teamspeak/ts3server.pid +Restart=on-failure +RestartSec=15 + +[Install] +WantedBy=multi-user.target