nixos-configuration/pkgs/myintercom-doorbell/module.nix

{ config, lib, pkgs, ... }:

let
  cfg = config.services.myintercom-doorbell;
in
{
  options.services.myintercom-doorbell = with lib; with lib.types; {
    enable = mkEnableOption "Enable myintercom service";
    host = mkOption {
      type = types.str;
      description = "The Hostname of myintercom.";
      example = "myintercom.lan.example.net";
    };
    username = mkOption {
      type = types.str;
      description = "Username for basic auth.";
    };
    passwordFile = mkOption {
      type = types.path;
      description = "Path to the file that contains the basic auth password.";
    };
    audiosocket = {
      address = mkOption {
        type = types.str;
        description = "Address the AudioSocket binds to.";
        default = "127.0.0.1";
      };
      port = mkOption {
        type = types.port;
        description = "Port the AudioSocket binds to.";
        default = 9092;
      };
      uuid = mkOption {
        type = types.str;
        example = "e461837f-22b0-4652-955f-e1a444f3a42e";
      };
    };
    callerId = mkOption {
      type = types.str;
      description = "The display name to show when the doorbell rings a phone.";
      example = "Doorbell";
    };
    dialTime = mkOption {
      type = types.int;
      description = "The duration how long to wait for the call to be answered.";
      default = 45;
    };
  };

  config = lib.mkIf cfg.enable {
    environment.etc."myintercom-doorbell/settings.json".text = builtins.toJSON {
      host = cfg.host;
      username = cfg.username;
      passwordFile = cfg.passwordFile;
      audiosocket = {
        address = cfg.audiosocket.address;
        port = cfg.audiosocket.port;
        uuid = cfg.audiosocket.uuid;
      };
      callerId = cfg.callerId;
      dialTime = cfg.dialTime;
    };

    systemd.services.myintercom-doorbell-poll = {
      enable = cfg.enable;
      description = "Polls myintercom doorbell ring button status.";
      after = [ "asterisk.service" ];
      serviceConfig = {
        Type = "simple";
        User = "asterisk";
        ExecStart = "${pkgs.myintercom-doorbell}/bin/myintercom-doorbell-poll";
      };
    };

    systemd.services.myintercom-doorbell-audiosocket = {
      enable = cfg.enable;
      description = "myintercom doorbell AudioSocket for Asterisk";
      requires = [ "asterisk.service" ];
      serviceConfig = {
        Type = "simple";
        DynamicUser = true;
        CapabilityBoundingSet = null;
        PrivateUsers = true;
        ProtectHome = true;
        RestrictAddressFamilies = [ "AF_INET" "AF_INET6" ];
        RestrictNamespaces = true;
        SystemCallFilter = "@system-service";
        LoadCredential = "password:${cfg.passwordFile}";
        Environment = [
          "LISTEN_ADDRESS=${cfg.audiosocket.address}"
          "LISTEN_PORT=${toString cfg.audiosocket.port}"
          "USERNAME=${cfg.username}"
          "PASSWORD_FILE=%d/password"
        ];
        ExecStart = "${pkgs.myintercom-doorbell}/bin/myintercom-doorbell-audiosocket";
      };
    };
  };
}