nix-gscheits/machines/raven/services/asterisk.nix

{ config, lib, ... }:
let
  cfg = config.services.asterisk;
  secretConfigFiles = [
    "ari"
    "pjsip"
    "voicemail"
  ];
  rtp = {
    start = 10000;
    end = 10200;
  };
in
{
  services.asterisk = {
    enable = true;
    confFiles = {
      "extensions.conf" = ''
        [sipgate-in]
        exten => _2430207e0,1,Noop(Processing an incoming call)
        same => n,Dial(PJSIP/100,20,tT)
        same  = n,VoiceMail(7929876@fablab,su)
        same => n,Hangup()

        exten => _3529,1,Noop(Processing an incoming call)
        same => n,Dial(PJSIP/100,60,tT)
        same => n,Hangup()

        [dect]
        exten = 99,1,Answer()
        same = n,Wait(1)
        same = n,VoiceMailMain(7929876@fablab)
        same = n,Hangup()

        exten = 98,1,Answer()
        same = n,Wait(1)
        same = n,Playback(der_dude_ist_nicht)
        same = n,Hangup()

        exten = _1XX,1,Dial(PJSIP/''${EXTEN},30,tT)
        same = n,Hangup()

        ; Kassen
        exten = _4XX,1,Dial(PJSIP/''${EXTEN},30,tT)
        same = n,Hangup()

        ; weinturm
        exten = 410,1,Dial(PJSIP/100&PJSIP/410,30,tT)
        same = n,Hangup()
        ; /weinturm

        exten => _XXX.,1,Noop(Processing an outgoing call)
        same => n,Dial(PJSIP/''${EXTEN}@sipgate,tT)
        same => n,Hangup()

        [cisco]
        exten = _1XX,1,Dial(PJSIP/''${EXTEN},30,tT)
        same = n,Hangup()

        exten = 420,1,Dial(PJSIP/101,30,tT)
        same = n,Hangup()

        exten = _4XX,1,Dial(PJSIP/''${EXTEN},30,tT)
        same = n,Hangup()

        ; weinturm
        exten = 410,1,Dial(PJSIP/100&PJSIP/410,30,tT)
        same = n,Hangup()

        ; Kleinturm
        exten = _58X,1,Dial(PJSIP/''${EXTEN},30,tT)
        same = n,Hangup()

        ; /weinturm
      '';
      "http.conf" = ''
        [general]
        enabled=yes
        bindaddr=127.0.0.1

        ; Port to bind to for HTTP sessions (default is 8088)
        ;bindport=8088

        tlsdisablev1=yes
        tlsdisablev11=yes
        tlsdisablev12=yes

        tlsservercipherorder=yes
      '';
      "rtp.conf" = ''
        [general]
        rtpstart=${toString rtp.start}
        rtpend=${toString rtp.end}
      '';
      "dnsmgr.conf" = ''
        [general]
        enable=yes
        refreshinterval=60
      '';
    };
    useTheseDefaultConfFiles = [ ];
  };

  system.activationScripts.copyAsteriskFiles = lib.stringAfter [ "var" ] ''
    rm -f /var/lib/asterisk/documentation/core-en_US.xml
    mkdir -p /var/lib/asterisk/documentation
    ln -s ${cfg.package}/var/lib/asterisk/static-http/core-en_US.xml /var/lib/asterisk/documentation/core-en_US.xml
  '';

  sops.secrets = (lib.listToAttrs (map
    (name: lib.nameValuePair "asterisk-${name}" {
      sopsFile = ../secrets.yaml;
      owner = config.users.users.asterisk.name;
    })
    secretConfigFiles));
  environment.etc = lib.mapAttrs'
    (name: _: lib.nameValuePair
      "asterisk/${name}.conf"
      { source = config.sops.secrets."asterisk-${name}".path; })
    (lib.listToAttrs (map (name: lib.nameValuePair name { }) secretConfigFiles));

  networking.firewall = {
    allowedUDPPorts = [
      5060
      5062
    ];
    allowedUDPPortRanges = [
      {
        from = rtp.start;
        to = rtp.end;
      }
    ];
  };
}