nixos-configuration/pkgs/myintercom-doorbell/module.nix

{ config, lib, pkgs, ... }:

let
  cfg = config.services.myintercom-doorbell;
  mediamtxConfig = pkgs.writeTextFile {
    name = "myintercom-doorbell-cam-proxy-config";
    text = lib.generators.toJSON { } {
      paths.sprechanlage.source = "rtsp://${cfg.username}:__PASSWORD__@${cfg.host}/axis-media/media.amp?videocodec=h264&resolution=1280x720&fps=8";
      protocols = [ "udp" ];
      hls = false;
      rtmp = false;
      rtsp = false;
      srt = false;

      webrtc = true;
      webrtcAddress = "${cfg.cam.bindAddress}:${toString cfg.cam.webrtcPort}";

      webrtcICEHostNAT1To1IPs = [ cfg.cam.bindAddress ];
      webrtcICEUDPMuxAddress = ":${toString cfg.cam.webrtcIceUdpPort}";
    };
  };
in
{
  options.services.myintercom-doorbell = with lib; with lib.types; {
    enable = mkEnableOption "Enable myintercom service";
    cam = {
      enable = mkEnableOption "Enable cam proxy service";
      bindAddress = mkOption {
        type = types.str;
        description = "The Address the service binds to.";
        example = "10.0.0.1";
      };
      webrtcPort = mkOption {
        type = types.port;
        description = "Port the WebRTC service binds to.";
        default = 8889;
      };
      webrtcIceUdpPort = mkOption {
        type = types.port;
        description = "Port (udp) the WebRTC ICE service binds to.";
        default = 8189;
      };
    };
    host = mkOption {
      type = types.str;
      description = "The Hostname of myintercom.";
      example = "myintercom.lan.example.net";
    };
    username = mkOption {
      type = types.str;
      description = "Username for basic auth.";
    };
    passwordFile = mkOption {
      type = types.path;
      description = "Path to the file that contains the basic auth password.";
    };
    audiosocket = {
      address = mkOption {
        type = types.str;
        description = "Address the AudioSocket binds to.";
        default = "127.0.0.1";
      };
      port = mkOption {
        type = types.port;
        description = "Port the AudioSocket binds to.";
        default = 9092;
      };
      uuid = mkOption {
        type = types.str;
        example = "e461837f-22b0-4652-955f-e1a444f3a42e";
      };
    };
    callerId = mkOption {
      type = types.str;
      description = "The display name to show when the doorbell rings a phone.";
      example = "Doorbell";
    };
    dialTime = mkOption {
      type = types.int;
      description = "The duration how long to wait for the call to be answered.";
      default = 45;
    };
  };

  config = lib.mkIf cfg.enable {
    environment.etc."myintercom-doorbell/settings.json".text = builtins.toJSON {
      host = cfg.host;
      username = cfg.username;
      passwordFile = cfg.passwordFile;
      audiosocket = {
        address = cfg.audiosocket.address;
        port = cfg.audiosocket.port;
        uuid = cfg.audiosocket.uuid;
      };
      callerId = cfg.callerId;
      dialTime = cfg.dialTime;
    };

    systemd.services.myintercom-doorbell-poll = {
      enable = cfg.enable;
      description = "Polls myintercom doorbell ring button status.";
      after = [ "asterisk.service" "network.target" ];
      wantedBy = [ "multi-user.target" ];
      serviceConfig = {
        Type = "simple";
        User = "asterisk";
        # @TODO: Use unstable only until 23.11 is released
        ExecStart = "${pkgs.myintercom-doorbell}/bin/myintercom-doorbell-poll";
      };
    };

    systemd.services.myintercom-doorbell-audiosocket = {
      enable = cfg.enable;
      description = "myintercom doorbell AudioSocket for Asterisk";
      requires = [ "asterisk.service" ];
      after = [ "network.target" ];
      wantedBy = [ "multi-user.target" ];
      serviceConfig = {
        Type = "simple";
        DynamicUser = true;
        CapabilityBoundingSet = null;
        PrivateUsers = true;
        ProtectHome = true;
        RestrictAddressFamilies = [ "AF_INET" "AF_INET6" ];
        RestrictNamespaces = true;
        SystemCallFilter = "@system-service";
        LoadCredential = "password:${cfg.passwordFile}";
        Environment = [
          "LISTEN_ADDRESS=${cfg.audiosocket.address}"
          "LISTEN_PORT=${toString cfg.audiosocket.port}"
          "USERNAME=${cfg.username}"
          "PASSWORD_FILE=%d/password"
        ];
        ExecStart = "${pkgs.myintercom-doorbell}/bin/myintercom-doorbell-audiosocket";
      };
    };

    systemd.services.myintercom-doorbell-cam-proxy = {
      enable = cfg.cam.enable;
      after = [ "network.target" ];
      wantedBy = [ "multi-user.target" ];
      description = "Proxies the videostream of myintercom doorbell.";
      script = ''
        sed "s:__PASSWORD__:$(cat "$PASSWORD_FILE"):" "${mediamtxConfig}" | ${pkgs.master.mediamtx}/bin/mediamtx /dev/stdin
      '';
      serviceConfig = {
        Type = "simple";
        DynamicUser = true;
        LoadCredential = "password:${cfg.passwordFile}";
        Environment = [
          "PASSWORD_FILE=%d/password"
        ];
      };
    };
  };
}