From 3f6de04b84c96710fd86b1400faeb459b003013a Mon Sep 17 00:00:00 2001
From: Jakob Lechner <mail@jalr.de>
Date: Wed, 23 Jul 2025 05:05:29 +0200
Subject: [PATCH 01/16] Add easybell lines

---
 hosts/pbx/secrets.yaml                   | 14 +++++-
 hosts/pbx/services/fieldpoc/accounts.nix | 63 ++++++++++++++++++++++++
 hosts/pbx/services/fieldpoc/default.nix  |  4 ++
 3 files changed, 79 insertions(+), 2 deletions(-)
 create mode 100644 hosts/pbx/services/fieldpoc/accounts.nix

diff --git a/hosts/pbx/secrets.yaml b/hosts/pbx/secrets.yaml
index fc47f86..bb57413 100644
--- a/hosts/pbx/secrets.yaml
+++ b/hosts/pbx/secrets.yaml
@@ -3,6 +3,16 @@ fieldpoc:
     sip: ENC[AES256_GCM,data:B82q2sD5I6NUa+RphJL+f1IT5qpZYlpMunZUaN5JJ5I=,iv:YzDg/g1C1z7kV2R5LLNMhe2UvaRaurQKaq4SbGfFKmQ=,tag:NuWn3D8u6jiJFZFTaFvv3g==,type:str]
 wireguard:
     public-ip4: ENC[AES256_GCM,data:NifuhsgDA+/4c+Op9CAg4jhizFdup7FL9jQt4VLGqGzOaY9lMpAFvrWiW2o=,iv:zKN7QTIEo8+KjwtNPxhUVwD+6Xmz48gp9nDAg3bOazo=,tag:GQCBEFAD2en33gKXraXArw==,type:str]
+yate:
+    accounts:
+        easybell-2: ENC[AES256_GCM,data:jPyZY87r++dNLZCv,iv:BMVICnZujyIbE4IYi+Z9tqn5rbWwnEcoHm9/jWAAhsc=,tag:tk/Vs0tOt6p+a3vD0bJMfw==,type:str]
+        easybell-3: ENC[AES256_GCM,data:JNQKClwQtYm4GMRp,iv:WsYzrY4vDPQ5voGkQsnOTFTeo09XbE1SfOT6cPv6NJw=,tag:M0hvDGUnFM8lRxRiXNMOUA==,type:str]
+        easybell-4: ENC[AES256_GCM,data:+bvA76qDKPfSwF/j,iv:Dtnn8JOnIHEXfwjqIWnNlAWdCVIzDbuz1VT6YVPo62w=,tag:NQrKHSV93u5ZAnwYu8EDHQ==,type:str]
+        easybell-5: ENC[AES256_GCM,data:yj8BuiShAb7gRapp,iv:R0Rj6+Bd54nb4vGfv2yD+H5miWaxLIiMwozgsq/cGN8=,tag:/iQ0r1rTOvDsb+Ik1Rg6oA==,type:str]
+        easybell-6: ENC[AES256_GCM,data:aAgbSrXbReqUkFq0,iv:VcAsb+246Qys0BJGpTwxTaj5LpQ5fuyJNys3EOMzt5k=,tag:7zXTQNtdsadRiZ/7DrtnHg==,type:str]
+        easybell-7: ENC[AES256_GCM,data:XU+9wmOTck+xXedv,iv:2ehV8RDzGY68BmlJf5u1oCG/G80uDtFBiA4MGotrFgU=,tag:+mGKoOBjmrB70iOoBTTsKA==,type:str]
+        easybell-8: ENC[AES256_GCM,data:mVjh6ybvPnT8YhXy,iv:l6RXSdK7Jq/ObOc0gx2fw/9SoZNyGaIAjsl9wBiI7UI=,tag:eIOi54s6RsmYHvrG15pPYQ==,type:str]
+        easybell-9: ENC[AES256_GCM,data:v0fo8FFrfQQn1H29,iv:jmDFvuRb4W12D9Gh6CLArymyf7efMvsQiELGksTa6Lk=,tag:wylK++mO98LZCsWd1DIT1Q==,type:str]
 sops:
     age:
         - recipient: age16s0cyttcsp40jup9vnreck6mw500ae8j4ayrmf0tg79ukhgua3vsf4m5j4
@@ -14,8 +24,8 @@ sops:
             TFN1ZFJ2cEZmcHoxSmU1c3o0Q0w1cnMKkT8uBrgL9zyL5PAcqJqQerUdJN8yieVO
             JwJvcU3I6reHuVkeNKGCZXdYrNMGeFPWwL88yHJW9MYjhO6xfDo8WQ==
             -----END AGE ENCRYPTED FILE-----
-    lastmodified: "2025-07-22T09:02:55Z"
-    mac: ENC[AES256_GCM,data:EYfRNPGHQYmxYPswTozFpd7Vp9j7PhV/Vop8dvvdr3JeAUGoHF2FHZt2Xxrni/wu3CSFW2jGLpMPXigiCxZndbGZhREjCaFrvtNIL/5fhmFV9hoAuW7jp8ydRbHoSB2wJ0d+O/YO4Y5uoKO+pnbmvWgMpHllrBvMMJ/+1tBgh5g=,iv:48VMeGQvhVTAgrtKNbyE9YTQLsp7vYlRPrm9cUMBC24=,tag:j9PPD8B7CYiojNKf6BhG+w==,type:str]
+    lastmodified: "2025-07-23T09:35:37Z"
+    mac: ENC[AES256_GCM,data:e1hoBiXA1BrLVTaf/siFWwjDSPvgaWYmfzMBjoIqShj1MnUg8vXBfPR89bhsPNtOkW7s0HVsgFeKBMFm0++xkDOb/Xy7gdzPltF4f8P0D5SrlcEoeHgRQWLCgxJLB4suKUBhUauccKKg1NlIVXw3MgizBjG7+bTfGDXZfVGGJy4=,iv:O0JE5V6rVkPnCpxVsGJUpeQZsmJF4ZxPTnqnLwZZnlg=,tag:AnejfZw44+8CnoDHS1KIsg==,type:str]
     pgp:
         - created_at: "2025-07-18T23:14:45Z"
           enc: |-
diff --git a/hosts/pbx/services/fieldpoc/accounts.nix b/hosts/pbx/services/fieldpoc/accounts.nix
new file mode 100644
index 0000000..0bf2ea2
--- /dev/null
+++ b/hosts/pbx/services/fieldpoc/accounts.nix
@@ -0,0 +1,63 @@
+{
+  config,
+  lib,
+  pkgs,
+  ...
+}: {
+  sops.secrets = lib.listToAttrs (
+    map
+    (number:
+      lib.nameValuePair "yate/accounts/easybell-${toString number}" {
+        sopsFile = ../../secrets.yaml;
+        owner = "yate";
+      })
+    (lib.lists.range 2 9)
+  );
+
+  environment.etc."yate/accfile.conf" = {
+    mode = "symlink";
+    source = "/var/run/yate/accfile.conf";
+  };
+
+  systemd.services.yate.serviceConfig = let
+    easybellAccount = name: username: let
+      title = "easybell-${toString name}";
+      secretPath = config.sops.secrets."yate/accounts/${title}".path;
+    in ''
+      [${title}]
+      enabled=yes
+      protocol=sip
+      username=${username}
+      password=$(cat "${secretPath}")
+      registrar=pbx.easybell.de
+    '';
+    accounts = [
+      (easybellAccount 2 "CPBX-61tkfwsx-000004")
+      (easybellAccount 3 "CPBX-61tkfwsx-000005")
+      (easybellAccount 4 "CPBX-61tkfwsx-000006")
+      (easybellAccount 5 "CPBX-61tkfwsx-000007")
+      (easybellAccount 6 "CPBX-61tkfwsx-000008")
+      (easybellAccount 7 "CPBX-61tkfwsx-000009")
+      (easybellAccount 8 "CPBX-61tkfwsx-000010")
+      (easybellAccount 9 "CPBX-61tkfwsx-000011")
+    ];
+  in {
+    RuntimeDirectory = "yate";
+    RuntimeDirectoryMode = lib.mkForce "2750";
+    ExecStartPre = pkgs.writeShellScript "yate-pre-start" ''
+      cat > "$RUNTIME_DIRECTORY/accfile.conf" << EOF
+      ${lib.concatStringsSep "\n" accounts}
+      EOF
+    '';
+  };
+
+  services.yate.config = {
+    yate.modules."regexroute.yate" = "enable";
+    regexroute.default = let
+      matchCalled = account: ''''${called}^${account}$'';
+    in {
+      "${matchCalled "CPBX-61tkfwsx-000004"}" = "sip/sip:1337@192.168.98.11";
+      #"^.*$" = ''echo REGEXROUTE DEBUG called=''${called} address=''${address} callsource=''${callsource} formats=''${formats} id=''${id} peerid=''${peerid} ip_host=''${ip_host} ip_port=''${ip_port} overlapped=''${overlapped} rtp_forward=''${rtp_forward} type=''${type} username=''${username} line=''${line} account=''${account} caller=''${caller} called=''${called} module=''${module}'';
+    };
+  };
+}
diff --git a/hosts/pbx/services/fieldpoc/default.nix b/hosts/pbx/services/fieldpoc/default.nix
index 949f1bd..17c9af7 100644
--- a/hosts/pbx/services/fieldpoc/default.nix
+++ b/hosts/pbx/services/fieldpoc/default.nix
@@ -5,6 +5,10 @@
     to = 11250;
   };
 in {
+  imports = [
+    ./accounts.nix
+  ];
+
   sops.secrets."fieldpoc/omm" = {
     sopsFile = ../../secrets.yaml;
     owner = "fieldpoc";

From 03eebb71235690eb03183a5f53d8c3ef0a8c5e9f Mon Sep 17 00:00:00 2001
From: Jakob Lechner <mail@jalr.de>
Date: Wed, 23 Jul 2025 22:19:11 +0200
Subject: [PATCH 02/16] Add nftables rule for PPPoE MSS

---
 hosts/pbx/networking.nix | 22 +++++++++++++++++++++-
 1 file changed, 21 insertions(+), 1 deletion(-)

diff --git a/hosts/pbx/networking.nix b/hosts/pbx/networking.nix
index 363d878..7679d3f 100644
--- a/hosts/pbx/networking.nix
+++ b/hosts/pbx/networking.nix
@@ -1,4 +1,8 @@
-{pkgs, ...}: {
+{
+  pkgs,
+  config,
+  ...
+}: {
   networking = {
     hostName = "pbx";
     useDHCP = false;
@@ -76,6 +80,22 @@
         "voice"
       ];
     };
+    nftables.tables.pppoe = {
+      family = "ip";
+      content = let
+        headerSize = {
+          ipv4 = 20;
+          tcp = 20;
+          pppoe = 8;
+        };
+        maxsegSize = with headerSize; 1500 - ipv4 - tcp - pppoe;
+      in ''
+        chain clamp {
+          type filter hook forward priority mangle;
+          oifname "${config.networking.nat.externalInterface}" tcp flags syn tcp option maxseg size set ${toString maxsegSize}
+        }
+      '';
+    };
     defaultGateway.address = "192.168.100.1";
     nameservers = [
       "9.9.9.9"

From 7e54c2eabfe5e0758744cb466b6b984985f7a40d Mon Sep 17 00:00:00 2001
From: Jakob Lechner <mail@jalr.de>
Date: Wed, 23 Jul 2025 23:20:58 +0200
Subject: [PATCH 03/16] Disable mutable users if impermanence is used

---
 modules/impermanence.nix | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/modules/impermanence.nix b/modules/impermanence.nix
index 70f99bb..c498b4f 100644
--- a/modules/impermanence.nix
+++ b/modules/impermanence.nix
@@ -24,6 +24,8 @@
     cfg = config.weinturm.impermanence;
   in
     lib.mkIf cfg.enable {
+      users.mutableUsers = false;
+
       fileSystems."/persist".neededForBoot = true;
 
       environment.persistence."/persist".directories = [

From 93e8d80d6468072515d9bf18c490c3fbebeb2dbb Mon Sep 17 00:00:00 2001
From: Jakob Lechner <mail@jalr.de>
Date: Wed, 23 Jul 2025 23:20:44 +0200
Subject: [PATCH 04/16] Add password for jalr

---
 hosts/pbx/configuration.nix | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/hosts/pbx/configuration.nix b/hosts/pbx/configuration.nix
index 15d1460..1942dff 100644
--- a/hosts/pbx/configuration.nix
+++ b/hosts/pbx/configuration.nix
@@ -6,6 +6,8 @@
     ./services
   ];
 
+  users.users.jalr.initialHashedPassword = "$y$j9T$jNVubFR0TeZOo2jm.aBke/$GPYbyIUGq2lFccC4fHZX61s3EwQ.dB8uUsTINeRLt/1";
+
   weinturm = {
     impermanence = {
       enable = true;

From 6bb470764929c0195c16b9dbbf69d4da712790f1 Mon Sep 17 00:00:00 2001
From: Jakob Lechner <mail@jalr.de>
Date: Wed, 23 Jul 2025 22:57:37 +0200
Subject: [PATCH 05/16] Add unifi controller

---
 docs/hp-switch.md                             |  7 ++-
 hosts/pbx/networking.nix                      | 32 +++++++++++++
 hosts/pbx/secrets.yaml                        |  5 +-
 hosts/pbx/services/default.nix                |  1 +
 .../pbx/services/unifi-controller/default.nix | 46 +++++++++++++++++++
 .../services/unifi-controller/unpoller.nix    | 24 ++++++++++
 modules/default.nix                           |  1 +
 modules/unfree.nix                            |  7 +++
 8 files changed, 119 insertions(+), 4 deletions(-)
 create mode 100644 hosts/pbx/services/unifi-controller/default.nix
 create mode 100644 hosts/pbx/services/unifi-controller/unpoller.nix
 create mode 100644 modules/unfree.nix

diff --git a/docs/hp-switch.md b/docs/hp-switch.md
index be66b38..17cdb50 100644
--- a/docs/hp-switch.md
+++ b/docs/hp-switch.md
@@ -51,12 +51,12 @@ vlan 2 tagged 23,24
 
 vlan 6 name public-event
 vlan 6 qos priority 0
-vlan 6 tagged 21-24
+vlan 6 tagged 13,15,21-24
 
 vlan 7 name weinturm
 vlan 7 qos priority 1
 vlan 7 tagged 21-23
-vlan 7 untagged 1-12,24
+vlan 7 untagged 1-12,13,15,24
 
 vlan 8 name voice
 vlan 8 qos priority 5
@@ -66,6 +66,9 @@ vlan 8 voice
 
 interface ethernet 1-12 enable
 
+interface ethernet 13,15 enable
+interface ethernet 13,15 name WLAN
+
 interface ethernet 17,19 enable
 interface ethernet 17,19 name dect
 
diff --git a/hosts/pbx/networking.nix b/hosts/pbx/networking.nix
index 7679d3f..acb383c 100644
--- a/hosts/pbx/networking.nix
+++ b/hosts/pbx/networking.nix
@@ -1,4 +1,5 @@
 {
+  lib,
   pkgs,
   config,
   ...
@@ -173,6 +174,37 @@
           ];
         }
       ];
+
+      option-def = lib.lists.optional config.services.unifi.enable {
+        name = "unifi-address";
+        code = 1;
+        space = "ubnt";
+        type = "ipv4-address";
+        encapsulate = "";
+      };
+
+      client-classes = lib.lists.optional config.services.unifi.enable {
+        name = "ubnt";
+        test = "(option[vendor-class-identifier].text == 'ubnt')";
+        option-def = [
+          {
+            name = "vendor-encapsulated-options";
+            code = 43;
+            type = "empty";
+            encapsulate = "ubnt";
+          }
+        ];
+        option-data = [
+          {
+            name = "unifi-address";
+            space = "ubnt";
+            data = "192.168.96.1";
+          }
+          {
+            name = "vendor-encapsulated-options";
+          }
+        ];
+      };
     };
   };
 
diff --git a/hosts/pbx/secrets.yaml b/hosts/pbx/secrets.yaml
index bb57413..65e6b3c 100644
--- a/hosts/pbx/secrets.yaml
+++ b/hosts/pbx/secrets.yaml
@@ -1,3 +1,4 @@
+unpoller: ENC[AES256_GCM,data:w1PvLyJlUP+hsJFcgW9hKD/CvTQzSin+,iv:LuSbsN6Hg9XOc1SCYTBjQNXtqlg5tfHutzTNt4dm20I=,tag:BLBmfB0OwhR3VZzvVyd4IQ==,type:str]
 fieldpoc:
     omm: ENC[AES256_GCM,data:vOoow2CTJKfCiml5t0k=,iv:BTnf2ASndaNgjYtikTl/B3a5wSRh37epSDT0eGZpLkI=,tag:XOFlh+Ut3JKPd5AUPtrBMw==,type:str]
     sip: ENC[AES256_GCM,data:B82q2sD5I6NUa+RphJL+f1IT5qpZYlpMunZUaN5JJ5I=,iv:YzDg/g1C1z7kV2R5LLNMhe2UvaRaurQKaq4SbGfFKmQ=,tag:NuWn3D8u6jiJFZFTaFvv3g==,type:str]
@@ -24,8 +25,8 @@ sops:
             TFN1ZFJ2cEZmcHoxSmU1c3o0Q0w1cnMKkT8uBrgL9zyL5PAcqJqQerUdJN8yieVO
             JwJvcU3I6reHuVkeNKGCZXdYrNMGeFPWwL88yHJW9MYjhO6xfDo8WQ==
             -----END AGE ENCRYPTED FILE-----
-    lastmodified: "2025-07-23T09:35:37Z"
-    mac: ENC[AES256_GCM,data:e1hoBiXA1BrLVTaf/siFWwjDSPvgaWYmfzMBjoIqShj1MnUg8vXBfPR89bhsPNtOkW7s0HVsgFeKBMFm0++xkDOb/Xy7gdzPltF4f8P0D5SrlcEoeHgRQWLCgxJLB4suKUBhUauccKKg1NlIVXw3MgizBjG7+bTfGDXZfVGGJy4=,iv:O0JE5V6rVkPnCpxVsGJUpeQZsmJF4ZxPTnqnLwZZnlg=,tag:AnejfZw44+8CnoDHS1KIsg==,type:str]
+    lastmodified: "2025-07-23T20:25:37Z"
+    mac: ENC[AES256_GCM,data:fuTK5OV8mL8xe23/IkwDHiseSvfZ7BteR88k40rVCQaHOtVU66BteffEzxB6oHTQdmr4Ni8S7lrT2s3Y5oUpKe8oy6a7fbDL8fSipiKXzrUDvmnIr02Cp3UkUeEZrZXgClp31YRLtL00u1qvgSOxSBGCHXJwY1Xyoy9T5u0PNtQ=,iv:wQNa9COOvgoEmbPbCr1p/51158B9/97iqKGmvfYRti4=,tag:TEheul0eeir06sRGHm1NvQ==,type:str]
     pgp:
         - created_at: "2025-07-18T23:14:45Z"
           enc: |-
diff --git a/hosts/pbx/services/default.nix b/hosts/pbx/services/default.nix
index d22355b..4a97612 100644
--- a/hosts/pbx/services/default.nix
+++ b/hosts/pbx/services/default.nix
@@ -2,6 +2,7 @@
   imports = [
     ./fieldpoc
     ./public-ip4-tunnel.nix
+    ./unifi-controller
     ./webserver.nix
   ];
 }
diff --git a/hosts/pbx/services/unifi-controller/default.nix b/hosts/pbx/services/unifi-controller/default.nix
new file mode 100644
index 0000000..baea9e9
--- /dev/null
+++ b/hosts/pbx/services/unifi-controller/default.nix
@@ -0,0 +1,46 @@
+args: let
+  domain = "unifi.weinturm.de";
+in {
+  imports = [
+    (import ./unpoller.nix (args // {inherit domain;}))
+  ];
+
+  services.unifi.enable = true;
+
+  networking.firewall.interfaces.weinturm = {
+    # https://help.ubnt.com/hc/en-us/articles/218506997
+    allowedTCPPorts = [
+      8080 # Port for UAP to inform controller.
+      8880 # Port for HTTP portal redirect, if guest portal is enabled.
+      8843 # Port for HTTPS portal redirect, ditto.
+      6789 # Port for UniFi mobile speed test.
+    ];
+    allowedUDPPorts = [
+      3478 # UDP port used for STUN.
+      10001 # UDP port used for device discovery.
+    ];
+  };
+
+  environment.persistence."/persist".directories = [
+    {
+      directory = "/var/lib/unifi";
+      user = "unifi";
+      group = "unifi";
+      mode = "u=rwx,g=rx,o=rx";
+    }
+  ];
+
+  services.nginx.virtualHosts = {
+    "${domain}" = {
+      enableACME = true;
+      forceSSL = true;
+      locations."/" = {
+        proxyPass = "https://127.0.0.1:8443";
+        recommendedProxySettings = true;
+        extraConfig = ''
+          proxy_ssl_verify off;
+        '';
+      };
+    };
+  };
+}
diff --git a/hosts/pbx/services/unifi-controller/unpoller.nix b/hosts/pbx/services/unifi-controller/unpoller.nix
new file mode 100644
index 0000000..e89e089
--- /dev/null
+++ b/hosts/pbx/services/unifi-controller/unpoller.nix
@@ -0,0 +1,24 @@
+{
+  config,
+  domain,
+  ...
+}: {
+  sops.secrets.unpoller = {
+    owner = config.services.prometheus.exporters.unpoller.user;
+    sopsFile = ../../secrets.yaml;
+  };
+
+  services.prometheus.exporters.unpoller = {
+    enable = true;
+    controllers = [
+      {
+        user = "unpoller";
+        url = "https://${domain}";
+        pass = config.sops.secrets.unpoller.path;
+        verify_ssl = false;
+        hash_pii = true;
+      }
+    ];
+    log.prometheusErrors = true;
+  };
+}
diff --git a/modules/default.nix b/modules/default.nix
index 6497baa..41909df 100644
--- a/modules/default.nix
+++ b/modules/default.nix
@@ -10,6 +10,7 @@
     ./nix.nix
     ./security.nix
     ./sshd.nix
+    ./unfree.nix
     ./zram.nix
   ];
 
diff --git a/modules/unfree.nix b/modules/unfree.nix
new file mode 100644
index 0000000..b900b5f
--- /dev/null
+++ b/modules/unfree.nix
@@ -0,0 +1,7 @@
+{lib, ...}: {
+  nixpkgs.config.allowUnfreePredicate = pkg:
+    lib.elem (lib.getName pkg) [
+      "mongodb"
+      "unifi-controller"
+    ];
+}

From 24fe84b86fe7c2c00c8175c5deae1dfa01606c68 Mon Sep 17 00:00:00 2001
From: Jakob Lechner <mail@jalr.de>
Date: Thu, 24 Jul 2025 01:04:13 +0200
Subject: [PATCH 06/16] Make /var/lib/acme a persist path

---
 modules/impermanence.nix | 1 +
 1 file changed, 1 insertion(+)

diff --git a/modules/impermanence.nix b/modules/impermanence.nix
index c498b4f..1df8dad 100644
--- a/modules/impermanence.nix
+++ b/modules/impermanence.nix
@@ -30,6 +30,7 @@
 
       environment.persistence."/persist".directories = [
         "/var/lib/nixos"
+        "/var/lib/acme"
       ];
 
       boot.initrd.postDeviceCommands = let

From 4193e6b96af5c6785052c720d332db49db8d1476 Mon Sep 17 00:00:00 2001
From: Jakob Lechner <mail@jalr.de>
Date: Thu, 24 Jul 2025 01:49:57 +0200
Subject: [PATCH 07/16] Remove static default gateway

Use DHCP instead
---
 hosts/pbx/networking.nix | 1 -
 1 file changed, 1 deletion(-)

diff --git a/hosts/pbx/networking.nix b/hosts/pbx/networking.nix
index acb383c..31d9731 100644
--- a/hosts/pbx/networking.nix
+++ b/hosts/pbx/networking.nix
@@ -97,7 +97,6 @@
         }
       '';
     };
-    defaultGateway.address = "192.168.100.1";
     nameservers = [
       "9.9.9.9"
       "149.112.112.112"

From bcacdc6609d51d49aed0f698a3e5df5f4bfc7710 Mon Sep 17 00:00:00 2001
From: Jakob Lechner <mail@jalr.de>
Date: Thu, 24 Jul 2025 03:44:00 +0200
Subject: [PATCH 08/16] Use tunnel as gateway for VoIP traffic

---
 hosts/pbx/networking.nix                 |  2 +-
 hosts/pbx/services/public-ip4-tunnel.nix | 72 +++++++++++++++++++++---
 2 files changed, 64 insertions(+), 10 deletions(-)

diff --git a/hosts/pbx/networking.nix b/hosts/pbx/networking.nix
index 31d9731..e46f25f 100644
--- a/hosts/pbx/networking.nix
+++ b/hosts/pbx/networking.nix
@@ -9,7 +9,7 @@
     useDHCP = false;
 
     # Fix Intel NIC e1000e hardware unit hang
-    localCommands = "${pkgs.ethtool}/bin/ethtool -K enp0s25 tso off gso off";
+    localCommands = lib.mkBefore "${pkgs.ethtool}/bin/ethtool -K enp0s25 tso off gso off";
 
     firewall.interfaces = {
       weinturm.allowedUDPPorts = [53 67];
diff --git a/hosts/pbx/services/public-ip4-tunnel.nix b/hosts/pbx/services/public-ip4-tunnel.nix
index ffef316..1246da8 100644
--- a/hosts/pbx/services/public-ip4-tunnel.nix
+++ b/hosts/pbx/services/public-ip4-tunnel.nix
@@ -1,5 +1,6 @@
 {
   config,
+  lib,
   pkgs,
   ...
 }: let
@@ -17,6 +18,16 @@ in {
     sopsFile = ../secrets.yaml;
   };
 
+  services.yate.config.ysipchan = {
+    general.localaddress = externalIp;
+    "listener external" = {
+      enable = "true";
+      type = "udp";
+      addr = externalIp;
+      port = 5060;
+    };
+  };
+
   networking = {
     iproute2 = {
       enable = true;
@@ -24,18 +35,61 @@ in {
         ${toString rtTable.id} ${rtTable.name}
       '';
     };
-    wireguard.interfaces."${interface}" = {
+
+    wireguard.interfaces."${interface}" = let
+      rules = [
+        "from 192.168.98.0/24 to 10.0.0.0/8 table main priority 10"
+        "from 192.168.98.0/24 to 192.168.0.0/16 table main priority 10"
+        "fwmark 0x1 to 192.168.0.0/16 table main priority 10"
+        "fwmark 0x1 to 10.0.0.0/8 table main priority 10"
+
+        "from ${externalIp} to 10.0.0.0/8 table main priority 10"
+        "from ${externalIp} to 192.168.0.0/16 table main priority 10"
+        "from ${externalIp} table ${rtTable.name} priority 20"
+        "from 192.168.98.0/24 table ${interface} priority 20"
+
+        "fwmark 0x1 table ${interface} priority 20"
+      ];
+      addRule = rule: "ip rule add " + rule;
+      deleteRule = rule: "ip rule delete " + rule;
+      path = pkgs.lib.makeBinPath [pkgs.iproute2 pkgs.nftables];
+    in {
       ips = ["${externalIp}/32"];
       privateKeyFile = config.sops.secrets."wireguard/${interface}".path;
       table = rtTable.name;
-      postSetup = ''
-        ${pkgs.iproute2}/bin/ip rule add from ${externalIp} to 192.168.0.0/16 table main priority 10
-        ${pkgs.iproute2}/bin/ip rule add from ${externalIp} table ${rtTable.name} priority 20
-      '';
-      postShutdown = ''
-        ${pkgs.iproute2}/bin/ip rule del from ${externalIp} to 192.168.0.0/16 table main priority 10
-        ${pkgs.iproute2}/bin/ip rule del from ${externalIp} table ${rtTable.name} priority 20
-      '';
+      postSetup = lib.concatLines [
+        "export PATH=${path}"
+        "set -x"
+        (lib.concatMapStringsSep "\n" addRule rules)
+        /*
+        ip route change default dev ${interface} src ${externalIp} table ${rtTable.name}
+        */
+        ''
+
+          nft add table ip wg_nat-${interface}
+          nft add chain ip wg_nat-${interface} postrouting '{type nat hook postrouting priority srcnat;}'
+          nft add rule  ip wg_nat-${interface} postrouting ip saddr 192.168.0.0/16 oifname "public-ip4" counter snat to ${externalIp}
+
+          nft add table inet wg_filter-${interface}
+          nft add chain inet wg_filter-${interface} forward '{type filter hook forward priority 0; policy accept;}'
+
+          nft add table inet marks-${interface}
+          nft add chain inet marks-${interface} output '{type route hook output priority mangle;}'
+          nft add rule  inet marks-${interface} output meta skuid yate mark set 0x1
+        ''
+      ];
+      postShutdown = lib.concatLines [
+        "export PATH=${path}"
+        "set -x"
+        (lib.concatMapStringsSep "\n" deleteRule rules)
+
+        ''
+          nft delete table ip wg_nat-${interface}
+          nft delete table inet wg_filter-${interface}
+
+          nft delete table inet marks-${interface}
+        ''
+      ];
       peers = [
         {
           inherit publicKey;

From d8bc1c9762a9c73ff0540f7d899cedcd399b0c1a Mon Sep 17 00:00:00 2001
From: Jakob Lechner <mail@jalr.de>
Date: Mon, 28 Jul 2025 01:58:18 +0200
Subject: [PATCH 09/16] SIP calls from internet have audio now

---
 hosts/default.nix                        |  2 +-
 hosts/pbx/services/public-ip4-tunnel.nix | 17 ++++-------------
 2 files changed, 5 insertions(+), 14 deletions(-)

diff --git a/hosts/default.nix b/hosts/default.nix
index 40bae16..4960303 100644
--- a/hosts/default.nix
+++ b/hosts/default.nix
@@ -1,6 +1,6 @@
 _inputs: {
   pbx = {
     system = "x86_64-linux";
-    targetHost = "tel.weinturm.de";
+    #targetHost = "tel.weinturm.de";
   };
 }
diff --git a/hosts/pbx/services/public-ip4-tunnel.nix b/hosts/pbx/services/public-ip4-tunnel.nix
index 1246da8..061b2db 100644
--- a/hosts/pbx/services/public-ip4-tunnel.nix
+++ b/hosts/pbx/services/public-ip4-tunnel.nix
@@ -19,11 +19,10 @@ in {
   };
 
   services.yate.config.ysipchan = {
-    general.localaddress = externalIp;
-    "listener external" = {
-      enable = "true";
-      type = "udp";
+    general.rtp_localip = externalIp;
+    general = {
       addr = externalIp;
+      type = "udp";
       port = 5060;
     };
   };
@@ -40,15 +39,13 @@ in {
       rules = [
         "from 192.168.98.0/24 to 10.0.0.0/8 table main priority 10"
         "from 192.168.98.0/24 to 192.168.0.0/16 table main priority 10"
-        "fwmark 0x1 to 192.168.0.0/16 table main priority 10"
-        "fwmark 0x1 to 10.0.0.0/8 table main priority 10"
 
         "from ${externalIp} to 10.0.0.0/8 table main priority 10"
         "from ${externalIp} to 192.168.0.0/16 table main priority 10"
         "from ${externalIp} table ${rtTable.name} priority 20"
         "from 192.168.98.0/24 table ${interface} priority 20"
 
-        "fwmark 0x1 table ${interface} priority 20"
+        "from ${externalIp} lookup ${rtTable.name}"
       ];
       addRule = rule: "ip rule add " + rule;
       deleteRule = rule: "ip rule delete " + rule;
@@ -72,10 +69,6 @@ in {
 
           nft add table inet wg_filter-${interface}
           nft add chain inet wg_filter-${interface} forward '{type filter hook forward priority 0; policy accept;}'
-
-          nft add table inet marks-${interface}
-          nft add chain inet marks-${interface} output '{type route hook output priority mangle;}'
-          nft add rule  inet marks-${interface} output meta skuid yate mark set 0x1
         ''
       ];
       postShutdown = lib.concatLines [
@@ -86,8 +79,6 @@ in {
         ''
           nft delete table ip wg_nat-${interface}
           nft delete table inet wg_filter-${interface}
-
-          nft delete table inet marks-${interface}
         ''
       ];
       peers = [

From 709af554b98e2fff2a6b42c5eba40a92f5b8346c Mon Sep 17 00:00:00 2001
From: Jakob Lechner <mail@jalr.de>
Date: Mon, 28 Jul 2025 02:10:59 +0200
Subject: [PATCH 10/16] Add listener on voice interface

---
 hosts/pbx/services/fieldpoc/default.nix  | 15 ++++++++++++---
 hosts/pbx/services/public-ip4-tunnel.nix |  2 +-
 2 files changed, 13 insertions(+), 4 deletions(-)

diff --git a/hosts/pbx/services/fieldpoc/default.nix b/hosts/pbx/services/fieldpoc/default.nix
index 17c9af7..bd63f23 100644
--- a/hosts/pbx/services/fieldpoc/default.nix
+++ b/hosts/pbx/services/fieldpoc/default.nix
@@ -45,9 +45,18 @@ in {
   ];
 
   services = {
-    yate.config.yrtpchan.general = {
-      minport = rtpPorts.from;
-      maxport = rtpPorts.to;
+    yate.config = {
+      yrtpchan.general = {
+        minport = rtpPorts.from;
+        maxport = rtpPorts.to;
+      };
+      ysipchan = {
+        "listener voice" = {
+          addr = (builtins.elemAt config.networking.interfaces.voice.ipv4.addresses 0).address;
+          type = "udp";
+          port = 5060;
+        };
+      };
     };
 
     fieldpoc = {
diff --git a/hosts/pbx/services/public-ip4-tunnel.nix b/hosts/pbx/services/public-ip4-tunnel.nix
index 061b2db..93ab81e 100644
--- a/hosts/pbx/services/public-ip4-tunnel.nix
+++ b/hosts/pbx/services/public-ip4-tunnel.nix
@@ -19,11 +19,11 @@ in {
   };
 
   services.yate.config.ysipchan = {
-    general.rtp_localip = externalIp;
     general = {
       addr = externalIp;
       type = "udp";
       port = 5060;
+      rtp_localip = externalIp;
     };
   };
 

From 6ddac5f1e25c83e478bdb7ec46a60282c353db84 Mon Sep 17 00:00:00 2001
From: Jakob Lechner <mail@jalr.de>
Date: Mon, 28 Jul 2025 20:01:20 +0200
Subject: [PATCH 11/16] Add missing rule for 10.0.0.0/8

---
 hosts/pbx/services/public-ip4-tunnel.nix | 1 +
 1 file changed, 1 insertion(+)

diff --git a/hosts/pbx/services/public-ip4-tunnel.nix b/hosts/pbx/services/public-ip4-tunnel.nix
index 93ab81e..5f130aa 100644
--- a/hosts/pbx/services/public-ip4-tunnel.nix
+++ b/hosts/pbx/services/public-ip4-tunnel.nix
@@ -66,6 +66,7 @@ in {
           nft add table ip wg_nat-${interface}
           nft add chain ip wg_nat-${interface} postrouting '{type nat hook postrouting priority srcnat;}'
           nft add rule  ip wg_nat-${interface} postrouting ip saddr 192.168.0.0/16 oifname "public-ip4" counter snat to ${externalIp}
+          nft add rule  ip wg_nat-${interface} postrouting ip saddr 10.0.0.0/8 oifname "public-ip4" counter snat to ${externalIp}
 
           nft add table inet wg_filter-${interface}
           nft add chain inet wg_filter-${interface} forward '{type filter hook forward priority 0; policy accept;}'

From 7b61b01baa1e51c753ecdd230849a93133b18a05 Mon Sep 17 00:00:00 2001
From: Jakob Lechner <mail@jalr.de>
Date: Mon, 28 Jul 2025 20:01:39 +0200
Subject: [PATCH 12/16] Add forwarding firewall rules

---
 hosts/pbx/networking.nix | 15 ++++++++++++---
 1 file changed, 12 insertions(+), 3 deletions(-)

diff --git a/hosts/pbx/networking.nix b/hosts/pbx/networking.nix
index e46f25f..8fef211 100644
--- a/hosts/pbx/networking.nix
+++ b/hosts/pbx/networking.nix
@@ -11,9 +11,18 @@
     # Fix Intel NIC e1000e hardware unit hang
     localCommands = lib.mkBefore "${pkgs.ethtool}/bin/ethtool -K enp0s25 tso off gso off";
 
-    firewall.interfaces = {
-      weinturm.allowedUDPPorts = [53 67];
-      public-event.allowedUDPPorts = [53 67];
+    firewall = {
+      interfaces = {
+        weinturm.allowedUDPPorts = [53 67];
+        public-event.allowedUDPPorts = [53 67];
+      };
+      filterForward = true;
+      extraForwardRules = ''
+        oifname { "jugendtreff", "public-ip4" } meta l4proto tcp tcp dport 25 drop comment "Block outgoing SMTP (TCP/25)"
+        oifname { "jugendtreff", "public-ip4" } meta l4proto tcp tcp dport { 135, 137, 138, 139, 445 } drop comment "Block MS RPC/NetBIOS/SMB (TCP)"
+        oifname { "jugendtreff", "public-ip4" } meta l4proto udp udp dport { 135, 137, 138, 139, 445 } drop comment "Block MS RPC/NetBIOS/SMB (UDP)"
+        oifname { "jugendtreff", "public-ip4" } meta l4proto udp udp dport 1900 drop comment "Block SSDP (UPnP, UDP/1900)"
+      '';
     };
 
     vlans = {

From cd62b5bab8a86d0de9d43254b0e83e2cab235370 Mon Sep 17 00:00:00 2001
From: Jakob Lechner <mail@jalr.de>
Date: Mon, 28 Jul 2025 20:27:01 +0200
Subject: [PATCH 13/16] Fix rules for tunnel

---
 hosts/pbx/services/public-ip4-tunnel.nix | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/hosts/pbx/services/public-ip4-tunnel.nix b/hosts/pbx/services/public-ip4-tunnel.nix
index 5f130aa..9cf2dc8 100644
--- a/hosts/pbx/services/public-ip4-tunnel.nix
+++ b/hosts/pbx/services/public-ip4-tunnel.nix
@@ -39,13 +39,13 @@ in {
       rules = [
         "from 192.168.98.0/24 to 10.0.0.0/8 table main priority 10"
         "from 192.168.98.0/24 to 192.168.0.0/16 table main priority 10"
+        "from 192.168.98.0/24 lookup ${rtTable.name} priority 20"
 
         "from ${externalIp} to 10.0.0.0/8 table main priority 10"
         "from ${externalIp} to 192.168.0.0/16 table main priority 10"
         "from ${externalIp} table ${rtTable.name} priority 20"
-        "from 192.168.98.0/24 table ${interface} priority 20"
 
-        "from ${externalIp} lookup ${rtTable.name}"
+        "from ${externalIp} oif ${interface} lookup ${rtTable.name} priority 20"
       ];
       addRule = rule: "ip rule add " + rule;
       deleteRule = rule: "ip rule delete " + rule;

From 651a96a6d9fbe010e34844116529111827e7cfae Mon Sep 17 00:00:00 2001
From: Jakob Lechner <mail@jalr.de>
Date: Tue, 29 Jul 2025 21:23:06 +0200
Subject: [PATCH 14/16] Add phonebook

---
 hosts/pbx/services/fieldpoc/default.nix    |   1 +
 hosts/pbx/services/fieldpoc/extensions.nix |  47 ++++
 hosts/pbx/services/fieldpoc/mkphonebook.py | 279 +++++++++++++++++++++
 3 files changed, 327 insertions(+)
 create mode 100644 hosts/pbx/services/fieldpoc/extensions.nix
 create mode 100644 hosts/pbx/services/fieldpoc/mkphonebook.py

diff --git a/hosts/pbx/services/fieldpoc/default.nix b/hosts/pbx/services/fieldpoc/default.nix
index bd63f23..9aa1bec 100644
--- a/hosts/pbx/services/fieldpoc/default.nix
+++ b/hosts/pbx/services/fieldpoc/default.nix
@@ -7,6 +7,7 @@
 in {
   imports = [
     ./accounts.nix
+    ./extensions.nix
   ];
 
   sops.secrets."fieldpoc/omm" = {
diff --git a/hosts/pbx/services/fieldpoc/extensions.nix b/hosts/pbx/services/fieldpoc/extensions.nix
new file mode 100644
index 0000000..bf28d01
--- /dev/null
+++ b/hosts/pbx/services/fieldpoc/extensions.nix
@@ -0,0 +1,47 @@
+{pkgs, ...}: let
+  mkphonebook = pkgs.python3.pkgs.buildPythonPackage {
+    pname = "fieldpoc-mkphonebook";
+    version = "1.0";
+
+    src = ./mkphonebook.py;
+
+    dontUnpack = true;
+
+    propagatedBuildInputs = [pkgs.makeWrapper];
+
+    format = "other";
+
+    installPhase = ''
+      mkdir -p $out/lib/mkphonebook
+      mkdir -p $out/bin
+      cp $src $out/lib/mkphonebook/script.py
+
+      makeWrapper ${pkgs.python3.interpreter} $out/bin/mkphonebook \
+        --add-flags "$out/lib/mkphonebook/script.py" \
+        --set PYTHONPATH "${pkgs.python3.pkgs.pyyaml}/${pkgs.python3.sitePackages}"
+    '';
+  };
+in {
+  environment.systemPackages = [
+    (
+      pkgs.writeShellScriptBin "fieldpoc-load-extensions" ''
+        set -e
+
+        tmpfile="$(mktemp -p /tmp tmp.extensions.XXXXXXXXXX.json)"
+        trap "rm -f $tmpfile" 0 2 3 15
+
+        ${pkgs.yq}/bin/yq \
+          '.extensions[] |= with_entries(select(.key | IN("name", "type", "dialout_allowed", "trunk", "static_target", "callgroup_members", "sip_password", "dect_ipei")))' \
+          "$1" > $tmpfile
+
+        cat "$tmpfile" | /run/wrappers/bin/sudo -u fieldpoc tee /var/lib/fieldpoc/extensions.json >/dev/null
+
+        curl -s --fail --json '{}' http://127.0.0.1:9437/reload
+
+        ${mkphonebook}/bin/mkphonebook "$1" "/persist/html/index.html"
+
+        rm -f $tmpfile
+      ''
+    )
+  ];
+}
diff --git a/hosts/pbx/services/fieldpoc/mkphonebook.py b/hosts/pbx/services/fieldpoc/mkphonebook.py
new file mode 100644
index 0000000..94221bf
--- /dev/null
+++ b/hosts/pbx/services/fieldpoc/mkphonebook.py
@@ -0,0 +1,279 @@
+import os
+import sys
+import yaml
+from collections import defaultdict
+
+
+def generate_html(extensions):
+    # Icons per Typ
+    type_icons = {
+        "sip": "📱",
+        "dect": "📞",
+        "static": "📌",
+        "callgroup": "👥",
+        "temp": "⏳",
+        "default": "☎️",
+    }
+
+    def make_color(idx):
+        hue = (idx * 30 + idx % 2 * 180) % 360
+        return f"hsl({hue}, 50%, 95%)"
+
+    emergency_color = "hsl(0, 75%, 75%)"
+
+    # Generiere Farbzuordnung je Location
+    locations = sorted(set(info.get("location", "") for info in extensions.values()))
+    location_colors = {}
+    for idx, loc in enumerate(locations):
+        location_colors[loc] = make_color(idx + 1)
+
+    # Generiere HTML
+    html_header = """
+<!DOCTYPE html>
+<html lang="de">
+<head>
+    <meta charset="UTF-8">
+    <meta name="viewport" content="width=device-width, initial-scale=1.0">
+    <title>Telefonbuch</title>
+    <style>
+        body {
+            font-family: system-ui, sans-serif;
+            background-color: var(--bg);
+            color: var(--fg);
+            padding: 20px;
+        }
+        h1 {
+            text-align: center;
+        }
+        input[type="text"] {
+            width: 100%%;
+            padding: 10px;
+            margin-bottom: 15px;
+            font-size: 16px;
+            border: 1px solid var(--border);
+            border-radius: 8px;
+            background: var(--input-bg);
+            color: var(--fg);
+        }
+        table {
+            width: 100%%;
+            border-collapse: collapse;
+            background: var(--table-bg);
+            border-radius: 8px;
+            overflow: hidden;
+        }
+        th, td {
+            text-align: left;
+            border-bottom: 1px solid var(--border);
+            padding: 0 12px;
+        }
+        td.extension, td.vanity {
+            font-weight: bold;
+        }
+        td.extension {
+            text-align: right;
+        }
+        td > a {
+            text-decoration: none;
+            color: var(--fg);
+        }
+        td span {
+            display: inline-block;
+            width: 100%;
+            padding: 12px 0px;
+        }
+        tr:hover {
+            background-color: var(--hover);
+        }
+        th {
+            background-color: var(--header-bg);
+            color: var(--header-fg);
+            cursor: pointer;
+        }
+
+        table.only-dialin .has-no-dialin {
+            display: none;
+        }
+
+        /* Farbthemen */
+        :root {
+            --bg: #f5f5f5;
+            --fg: #000;
+            --border: #ccc;
+            --hover: #eee;
+            --header-bg: #4CAF50;
+            --header-fg: white;
+            --table-bg: white;
+            --input-bg: white;
+        }
+
+        @media (prefers-color-scheme: dark) {
+            :root {
+                --bg: #1e1e1e;
+                --fg: #f5f5f5;
+                --border: #444;
+                --hover: #333;
+                --header-bg: #2e7d32;
+                --header-fg: white;
+                --table-bg: #2a2a2a;
+                --input-bg: #2f2f2f;
+            }
+        }
+        @media (max-width: 600px) {
+            body {
+                padding: 0px;
+            }
+            th, td {
+                padding: 0px 4px;
+            }
+            td span {
+                padding: 6px 0px;
+            }
+            th.type, td.type {
+                display:none;
+            }
+        }
+    </style>
+    <script>
+        function searchTable() {
+            const input = document.getElementById("searchInput").value.toLowerCase();
+            const rows = document.querySelectorAll("tbody tr");
+
+            rows.forEach(row => {
+                const name = row.dataset.name.toLowerCase();
+                const ext = row.dataset.ext.toLowerCase();
+                const loc = row.dataset.location.toLowerCase();
+                const match = name.includes(input) || ext.includes(input) || loc.includes(input);
+                row.style.display = match ? "" : "none";
+            });
+        }
+
+        function sortTable(n) {
+            const table = document.getElementById("phoneTable");
+            let switching = true;
+            let dir = "asc";
+            let switchcount = 0;
+
+            while (switching) {
+                switching = false;
+                const rows = table.rows;
+                let tableCol = (row, col) => rows[row].querySelectorAll('td')[col].querySelector('span');
+                for (let i = 1; i < (rows.length - 1); i++) {
+                    const x = tableCol(i, n);
+                    const y = tableCol(i+1, n);
+                    const cmp = x.textContent.trim().localeCompare(y.textContent.trim(), 'de', { numeric: true });
+
+                    if ((dir === "asc" && cmp > 0) || (dir === "desc" && cmp < 0)) {
+                        // Zeilen tauschen
+                        rows[i].parentNode.insertBefore(rows[i + 1], rows[i]);
+                        switching = true;
+                        switchcount++;
+                        break; // Nur ein Tausch pro Durchlauf
+                    }
+                }
+
+                if (switchcount === 0 && dir === "asc") {
+                    dir = "desc";
+                    switching = true;
+                }
+            }
+        }
+        
+        function filterDialin(el) {
+            const table = document.getElementById("phoneTable");
+            if (el.checked) {
+                table.classList.add('only-dialin');
+            } else {
+                table.classList.remove('only-dialin');
+            }
+        }
+
+        document.addEventListener("DOMContentLoaded", function(event) {
+            filterDialin(document.getElementById('filterDialin'));
+        });
+    </script>
+</head>
+<body>
+    <h1>📖 Telefonbuch</h1>
+    <input type="text" id="searchInput" onkeyup="searchTable()" placeholder="Suche nach Name, Nummer oder Standort...">
+    <br>
+    <input type="checkbox" id="filterDialin" onchange="filterDialin(this)">
+    <label for="filterDialin">Nur Nummern mit externer Einwahl anzeigen</label>
+    <div style="overflow-x: auto;">
+        <table id="phoneTable">
+            <thead>
+                <tr>
+                    <th onclick="sortTable(5)"></th>
+                    <th class="extension" onclick="sortTable(1)"></th>
+                    <th onclick="sortTable(2)">🧑 Name</th>
+                    <th onclick="sortTable(3)">🔤 </th>
+                    <th onclick="sortTable(4)">📍 Ort</th>
+                    <th class="type" onclick="sortTable(5)">🔧 Typ</th>
+                </tr>
+            </thead>
+            <tbody>
+"""
+
+    # Sortiere Einträge:
+    # 1. Notrufnummern (3-Stellig) numerisch sortiert
+    # 2. alle weiteren Extensions: nach Location, dann Name
+    rows = sorted(
+        extensions.items(),
+        key=lambda x: (
+            (0, x[0], "")
+            if len(x[0]) < 4
+            else (1, x[1].get("location", ""), x[1].get("name", ""))
+        ),
+    )
+    html_rows = ""
+
+    for ext, info in rows:
+        name = info.get("name", "")
+        typ = info.get("type", "default")
+        location = info.get("location", "")
+        vanity = info.get("vanity", "")
+        dialin = info.get("dialin", "")
+        icon = type_icons.get(typ, type_icons["default"])
+        row_color = (
+            emergency_color if len(ext) < 4 else location_colors.get(location, "#fff")
+        )
+
+        name_cell = f"<span>{name}</span>"
+        if dialin:
+            name_cell = f'<a href="tel:{dialin}">{name_cell}</a>'
+
+        html_rows += f"""
+        <tr class="{'has-dialin' if dialin else 'has-no-dialin'}" data-name="{name}" data-ext="{ext}" data-location="{location}" style="background-color: {row_color}">
+            <td><span>{icon}</span></td>
+            <td class="extension"><a href="tel:{ext}"><span>{ext}</span></a></td>
+            <td>{name_cell}</td>
+            <td class="vanity"><span>{vanity}</span></td>
+            <td class="location"><span>{location}</span></td>
+            <td class="type"><span>{typ}</span></td>
+        </tr>
+"""
+
+    html_footer = """
+            </tbody>
+        </div>
+    </table>
+</body>
+</html>
+"""
+
+    return html_header + html_rows + html_footer
+
+
+def main():
+    INPUT_FILE, OUTPUT_FILE = sys.argv[1:]
+
+    with open(INPUT_FILE, "r") as f:
+        data = yaml.safe_load(f)
+
+    extensions = data.get("extensions", {})
+    with open(OUTPUT_FILE, "w", encoding="utf-8") as f:
+        f.write(generate_html(extensions))
+
+
+if __name__ == "__main__":
+    main()

From e33af543c8389c19a83e9e760d855755327b79e4 Mon Sep 17 00:00:00 2001
From: Jakob Lechner <mail@jalr.de>
Date: Wed, 30 Jul 2025 01:42:27 +0200
Subject: [PATCH 15/16] Add extension upload

---
 .gitignore | 2 ++
 justfile   | 3 +++
 2 files changed, 5 insertions(+)

diff --git a/.gitignore b/.gitignore
index 537d029..9d21165 100644
--- a/.gitignore
+++ b/.gitignore
@@ -7,3 +7,5 @@ result*
 
 # mdBook
 /book/*
+
+/extensions.yaml
diff --git a/justfile b/justfile
index 684e369..11d0dc2 100644
--- a/justfile
+++ b/justfile
@@ -7,3 +7,6 @@ repl:
       pkgs = inputs.nixpkgs.legacyPackages."\${builtins.currentSystem}".extend(import ./pkgs inputs); \
     }) \
   "
+upload-extensions:
+  scp extensions.yaml tel.weinturm.de:
+  ssh tel.weinturm.de fieldpoc-load-extensions extensions.yaml

From f2fc22e8f7cfffaec687b13369668044adc1da30 Mon Sep 17 00:00:00 2001
From: Jakob Lechner <mail@jalr.de>
Date: Wed, 30 Jul 2025 13:42:08 +0200
Subject: [PATCH 16/16] Add favicon

---
 hosts/pbx/services/fieldpoc/extensions.nix   |  55 ++++++-
 hosts/pbx/services/fieldpoc/html/favicon.svg | 162 +++++++++++++++++++
 hosts/pbx/services/fieldpoc/mkphonebook.py   |   6 +
 hosts/pbx/services/webserver.nix             |  12 +-
 4 files changed, 223 insertions(+), 12 deletions(-)
 create mode 100644 hosts/pbx/services/fieldpoc/html/favicon.svg

diff --git a/hosts/pbx/services/fieldpoc/extensions.nix b/hosts/pbx/services/fieldpoc/extensions.nix
index bf28d01..160b7f5 100644
--- a/hosts/pbx/services/fieldpoc/extensions.nix
+++ b/hosts/pbx/services/fieldpoc/extensions.nix
@@ -1,4 +1,9 @@
-{pkgs, ...}: let
+{
+  lib,
+  pkgs,
+  ...
+}: let
+  domain = "tel.weinturm.de";
   mkphonebook = pkgs.python3.pkgs.buildPythonPackage {
     pname = "fieldpoc-mkphonebook";
     version = "1.0";
@@ -21,6 +26,45 @@
         --set PYTHONPATH "${pkgs.python3.pkgs.pyyaml}/${pkgs.python3.sitePackages}"
     '';
   };
+  webmanifest = lib.generators.toJSON {} {
+    name = "Weinturm";
+    short_name = "Telefonbuch";
+    icons = [
+      {
+        src = "/web-app-manifest-192x192.png";
+        sizes = "192x192";
+        type = "image/png";
+        purpose = "maskable";
+      }
+      {
+        src = "/web-app-manifest-512x512.png";
+        sizes = "512x512";
+        type = "image/png";
+        purpose = "maskable";
+      }
+    ];
+    theme_color = "#ffffff";
+    background_color = "#300a8d";
+    display = "standalone";
+  };
+  webmanifestFile = pkgs.writeText "site.webmanifest" webmanifest;
+  webroot = pkgs.stdenvNoCC.mkDerivation {
+    name = "webroot-${domain}";
+    src = ./html;
+    dontBuild = true;
+    installPhase = ''
+      export PATH="$PATH:${pkgs.lib.makeBinPath [pkgs.imagemagick]}"
+      mkdir $out
+      cp "$src/favicon.svg" "$out/favicon.svg"
+      convert -background transparent "$src/favicon.svg" -define icon:auto-resize=16,24,32,48,64,72,96,128,256 "$out/favicon.ico"
+      convert -background transparent "$src/favicon.svg" -resize 180x180 "$out/apple-touch-icon.png"
+      convert -background transparent "$src/favicon.svg" -resize 96x96 "$out/favicon-96x96.png"
+      convert -background transparent "$src/favicon.svg" -resize 192x192 "$out/web-app-manifest-192x192.png"
+      convert -background transparent "$src/favicon.svg" -resize 512x512 "$out/web-app-manifest-512x512.png"
+      cp "${webmanifestFile}" "$out/site.webmanifest"
+      ln -s /persist/html/index.html "$out/index.html"
+    '';
+  };
 in {
   environment.systemPackages = [
     (
@@ -44,4 +88,13 @@ in {
       ''
     )
   ];
+
+  services.nginx.virtualHosts = {
+    "${domain}" = {
+      serverAliases = ["tel.weinturm-open-air.de"];
+      enableACME = true;
+      forceSSL = true;
+      root = webroot;
+    };
+  };
 }
diff --git a/hosts/pbx/services/fieldpoc/html/favicon.svg b/hosts/pbx/services/fieldpoc/html/favicon.svg
new file mode 100644
index 0000000..4ed0da0
--- /dev/null
+++ b/hosts/pbx/services/fieldpoc/html/favicon.svg
@@ -0,0 +1,162 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<svg
+   width="256"
+   height="256"
+   viewBox="0 0 256 256"
+   version="1.1"
+   id="svg5"
+   sodipodi:docname="favicon.svg"
+   inkscape:version="1.4.2 (ebf0e940d0, 2025-05-08)"
+   xmlns:inkscape="http://www.inkscape.org/namespaces/inkscape"
+   xmlns:sodipodi="http://sodipodi.sourceforge.net/DTD/sodipodi-0.dtd"
+   xmlns="http://www.w3.org/2000/svg"
+   xmlns:svg="http://www.w3.org/2000/svg">
+  <defs
+     id="defs5" />
+  <sodipodi:namedview
+     id="namedview5"
+     pagecolor="#ffffff"
+     bordercolor="#000000"
+     borderopacity="0.25"
+     inkscape:showpageshadow="2"
+     inkscape:pageopacity="0.0"
+     inkscape:pagecheckerboard="0"
+     inkscape:deskcolor="#d1d1d1"
+     inkscape:zoom="4.7343749"
+     inkscape:cx="184.39604"
+     inkscape:cy="47.841585"
+     inkscape:window-width="2544"
+     inkscape:window-height="1399"
+     inkscape:window-x="0"
+     inkscape:window-y="0"
+     inkscape:window-maximized="0"
+     inkscape:current-layer="svg5"
+     showguides="true" />
+  <rect
+     x="14.472575"
+     y="0.0030998862"
+     width="213.3237"
+     height="255.98843"
+     rx="21.332369"
+     ry="21.332369"
+     fill="#f4b73f"
+     stroke="#444444"
+     stroke-width="4"
+     id="rect1"
+     style="stroke-width:0;stroke-dasharray:none" />
+  <path
+     id="rect1-6"
+     style="fill:#e29126;fill-opacity:1;stroke:#000000;stroke-width:0;stroke-dasharray:none"
+     d="m 227.78145,233.39671 -0.9661,2.13533 c -1.89667,4.20312 -6.24593,7.67343 -10.84847,8.65327 -1.94959,0.41513 -13.9492,0.4842 -84.6368,0.48954 l -67.5985,0.005 H 48.964018 18.457584 16.923799 c 3.517336,6.65058 10.447637,11.19427 18.488749,11.33282 0.0017,10e-6 0.0035,-3e-5 0.0052,0 l 172.156272,-0.026 h 0.0133 c 11.02134,-0.57396 19.77842,-9.4396 20.18137,-20.50689 l 0.0133,-0.0312 z" />
+  <path
+     id="rect3"
+     style="fill:#3c4a5d;fill-opacity:1;stroke-width:1.16292"
+     d="m 227.79627,48.605071 v 37.214463 h 4.42688 4.65083 c 2.57703,0 4.65344,-2.073802 4.65344,-4.650831 V 53.258506 c 0,-2.577031 -2.07641,-4.653435 -4.65344,-4.653435 h -4.65083 z" />
+  <path
+     id="rect3-1"
+     style="fill:#3c4a5d;fill-opacity:1;stroke-width:1.16292"
+     d="m 227.79627,97.002717 v 37.214463 h 4.42688 4.65083 c 2.57703,0 4.65344,-2.0738 4.65344,-4.65083 v -27.9102 c 0,-2.577033 -2.07641,-4.653433 -4.65344,-4.653433 h -4.65083 z" />
+  <path
+     id="rect3-1-7"
+     style="fill:#3c4a5d;fill-opacity:1;stroke-width:1.16292"
+     d="M 227.79627,145.40053 V 182.615 h 4.42688 4.65083 c 2.57703,0 4.65344,-2.0738 4.65344,-4.65083 v -27.91021 c 0,-2.57703 -2.07641,-4.65343 -4.65344,-4.65343 h -4.65083 z" />
+  <path
+     id="rect2"
+     style="fill:#3c4a5d;fill-opacity:1;stroke-width:1.33327"
+     d="m 35.804945,0.00309989 c -11.818133,0 -21.33237,9.51423681 -21.33237,21.33236911 V 234.65916 c 0,11.81814 9.514237,21.33237 21.33237,21.33237 H 48.791337 V 0.08382557 h 8.345977 V 0.00309989 Z" />
+  <path
+     class="cls-3"
+     d="m 108.40769,108.48144 c 0,-0.20461 -0.25183,-0.42496 0.15739,-0.51939 1.29061,-0.20462 2.3294,0.50364 3.62001,0.29904 0.0315,-0.11013 0.0629,-0.22035 0.0944,-0.34627 1.00731,0.14166 2.04609,0.33054 3.10062,0.48792 1.9674,-0.0472 3.90333,-0.12587 5.85498,-0.23609 -0.0472,-0.12586 -0.0787,-0.23608 0.12586,-0.2833 0.8027,-0.0944 1.92018,0.0315 3.08488,0.0629 0.17314,-0.0157 0.34626,-0.0472 0.50366,-0.0629 0.12586,-0.0787 0.17314,-0.18888 0.18887,-0.26757 0.51939,0 0.99157,0.0472 1.41652,0.0787 5.6976,-0.66104 11.47388,-1.448 17.73808,-2.23497 1.3221,-0.31478 2.64419,-0.62956 3.91906,-0.77122 1.8887,-0.12586 4.29679,0.0944 6.15403,0.12586 -0.28331,-1.19617 4.2181,-1.79426 3.32097,-3.00618 1.22765,0.0315 3.06914,0.0629 3.16358,-0.26756 0.2833,-1.02306 1.22765,-2.187756 4.50141,-2.801581 1.27487,-0.14166 3.24226,0.283307 3.68296,0.07866 0.70827,-0.330519 -1.65261,-0.723994 -0.94434,-1.03878 -9.49074,-0.36201 -18.63521,0.07866 -28.1889,0.06293 -3.25801,0.535122 -25.19846,0.771218 -30.83308,0.535122 -0.17314,0 -0.34627,0 -0.51941,0 -3.06914,-0.06293 -6.81506,0.03146 -9.412028,0.487925 -1.196179,0.283307 -2.408096,0.629558 -3.620015,0.96009 0.566611,0.204604 1.086005,0.393484 1.526702,0.598094 -1.227657,-0.0315 -2.455314,-0.0472 -2.92749,0.15738 -2.612706,0.51941 -1.133223,1.11749 -0.125915,1.93593 0.724004,0.362 -0.251827,0.91288 0.881395,1.27487 -0.818439,-0.0157 -1.227658,-0.0315 -2.046095,-0.0472 -0.09444,0.34625 2.518271,-0.17314 1.951659,0.37773 -0.786959,-0.12587 -1.668354,0.0787 -2.486793,0.0629 0.283306,0.45644 2.833056,0.17313 2.707142,0.62957 -0.440697,0.11013 -2.297923,-0.61383 -2.455314,-0.0472 -0.03148,0.11013 0.78696,0.12586 1.196179,0.14165 -2.518272,0.17312 -3.91906,0.70826 -1.605398,1.32208 -0.802699,-0.0157 -1.935921,-0.25181 -2.770099,-0.17312 0,0 0,0 0,0 0.424958,0.0157 1.148961,0.14165 1.542441,0.14165 -0.472175,0 -0.96009,-0.0157 -1.432266,-0.0315 0.07869,0.0787 0.157392,0.15739 0.251827,0.2361 0.362001,0.0629 0.724002,0.12586 1.086005,0.14164 -0.314785,0 -0.629568,0 -0.960092,-0.0157 0.236088,0.18887 0.519394,0.362 0.818439,0.53514 1.133221,0.36199 2.219227,0.89713 2.833055,0.91286 4.957847,0.26758 9.947171,0.45643 14.905021,0.50366 z"
+     id="path28"
+     style="fill:#3f2655;fill-opacity:1;stroke-width:1.57392" />
+  <path
+     class="cls-1"
+     d="m 117.66234,93.32459 c 0,-0.267561 -0.14165,-0.535136 0.0787,-0.66105 0.69253,-0.251815 1.25914,0.645317 1.95167,0.393489 0.0157,-0.14166 0.0315,-0.283307 0.0472,-0.4407 0.53513,0.188871 1.10175,0.424954 1.6841,0.629571 1.05452,-0.06293 2.10905,-0.173139 3.16357,-0.314785 -0.0315,-0.157393 -0.0472,-0.299054 0.0629,-0.361997 0.4407,-0.110129 1.03878,0.03146 1.66835,0.07866 0.0944,-0.03147 0.18888,-0.0472 0.28331,-0.07866 0.0787,-0.0944 0.0944,-0.251829 0.0944,-0.346265 0.2833,0 0.53513,0.06293 0.77122,0.110129 3.06914,-0.865655 6.20124,-1.872963 9.58516,-2.864532 0.70828,-0.409219 1.43227,-0.802699 2.1248,-0.99157 1.02305,-0.173131 2.3294,0.110168 3.32097,0.173132 -0.15739,-1.542442 2.28218,-2.297923 1.79427,-3.856103 0.66105,0.03148 1.66835,0.07869 1.71557,-0.346271 0.15739,-1.306353 0.66105,-2.817316 2.42384,-3.604276 0.69251,-0.18887 1.74704,0.362002 1.99887,0.09444 0.37774,-0.424958 -0.89713,-0.928613 -0.51939,-1.337832 -5.13098,-0.472176 -10.07308,0.09444 -15.23554,0.07869 -1.76279,0.676785 -13.61441,0.975829 -16.66781,0.676785 -0.0944,0 -0.18887,0 -0.2833,0.01573 -1.66836,-0.0787 -3.68297,0.03148 -5.08376,0.613828 -0.64532,0.362001 -1.30636,0.802699 -1.95166,1.227657 0.29904,0.251827 0.58235,0.503654 0.83418,0.755482 -0.66105,-0.03148 -1.3221,-0.06296 -1.58966,0.204609 -1.41652,0.661046 -0.61383,1.432275 -0.0629,2.471062 0.39348,0.456436 -0.14166,1.1647 0.47218,1.636876 -0.4407,-0.01574 -0.66105,-0.03148 -1.10175,-0.06296 -0.0472,0.440698 1.36931,-0.220348 1.05452,0.487916 -0.42495,-0.173131 -0.89713,0.09444 -1.35356,0.07869 0.15739,0.598091 1.5267,0.220349 1.46375,0.8027 -0.2361,0.141652 -1.2434,-0.78696 -1.3221,-0.06296 -0.0157,0.141654 0.42496,0.173131 0.6453,0.173131 -1.3693,0.220349 -2.10905,0.912873 -0.86565,1.699834 -0.42496,-0.01573 -1.03878,-0.330524 -1.49522,-0.236088 0,0 0,0 0,0 0.23609,0.03148 0.61383,0.173131 0.83418,0.18887 -0.25183,0 -0.5194,-0.03148 -0.77123,-0.03148 0.0472,0.09444 0.0944,0.20461 0.14166,0.299045 0.18887,0.09444 0.39347,0.157393 0.59809,0.173139 -0.17314,0 -0.34626,-0.01573 -0.5194,-0.03146 0.12586,0.236083 0.2833,0.472179 0.4407,0.676783 0.61382,0.472178 1.19618,1.148961 1.5267,1.164707 2.67566,0.346251 5.36706,0.582347 8.05846,0.629558 z"
+     id="path29"
+     style="fill:#3f2655;fill-opacity:1;stroke-width:1.57392" />
+  <path
+     class="cls-1"
+     d="m 98.586433,113.95868 c 9.852737,-0.70827 21.877487,0.22034 31.824647,-0.4407 11.93031,-0.86565 24.8522,-0.86565 36.79824,-0.86565 0,0.44069 -0.99157,1.086 0,1.30635 3.98202,0.64531 3.98202,1.51096 3.98202,2.37662 0,0.4407 -2.97472,0 -1.98313,0.4407 -2.97472,0 -7.96404,0.22035 -4.97359,0.6453 0.99157,0.4407 4.97359,0 5.96515,0.64531 0.99157,0.6453 -0.99156,1.30635 0,1.95165 h 3.98201 c 0.99157,0.4407 -0.99157,1.30636 0,1.30636 2.99045,0.4407 6.95673,0.22035 10.93875,0.22035 0,0.4407 0.99157,0.86565 -0.99157,1.086 -34.79936,0.4407 -70.60604,1.30636 -105.405391,0.64531 -3.982017,-0.22035 -0.991569,-1.08601 1.983139,-1.73131 -0.99157,0.22035 -0.99157,-0.4407 -1.983139,-0.22035 0,-0.64531 1.983139,-1.73131 5.965155,-1.95166 h -2.990448 c -0.991568,-0.22035 0,-0.6453 0,-1.086 0.99157,0 1.98314,0 1.98314,-0.22035 v -0.86566 h -3.982017 c 0.99157,0 1.983138,0 1.983138,-0.22035 v -0.86565 c 1.98314,-0.22035 4.973586,0.22035 6.956726,0 v -0.64531 c -1.98314,-0.22035 -4.973586,0 -6.956726,0 0.99157,-0.22035 0.99157,-0.4407 0.99157,-0.86565 2.974708,-0.22035 5.965156,0.4407 8.939863,-0.22035 h -2.974707 c 1.983138,-1.08601 6.956724,-0.22035 9.94717,-0.42496 z"
+     id="path30"
+     style="fill:#3f2655;fill-opacity:1;stroke-width:1.57392" />
+  <path
+     class="cls-1"
+     d="m 148.0075,128.65909 h 2.29792 c -13.00057,-0.81845 -26.75663,-0.48791 -39.00172,-1.63688 -0.77121,-0.15739 -2.29792,-0.48792 -3.0534,-0.64531 -6.10681,-0.48791 -13.756056,-0.33052 -19.878604,0 -3.053405,0.15739 -5.351326,1.95167 -5.351326,1.95167 -0.771221,0.33052 -1.526703,0.97582 -0.771221,1.30635 1.526701,0.15738 5.351326,0.15738 5.351326,0.81843 0,0.1574 -0.755481,0.1574 -1.526702,0.1574 0,0.6453 -2.297923,1.95165 -3.053403,1.95165 -0.771221,0.33054 -5.351328,1.30636 -6.122547,1.63689 -2.297923,0.48791 4.595844,2.92748 7.649249,3.41539 1.526701,0.33053 0,0.81845 0,1.30636 1.526701,-0.1574 2.297922,0.33053 3.824624,0.15739 0,0.15739 4.580105,0.33053 6.878028,0.33053 0,0 0.771221,-0.15739 3.053405,-0.15739 0.77122,0 0.77122,-0.15739 0.77122,-0.33053 v 0.33053 c 0.771221,-0.33053 2.297921,0 3.069141,-0.15739 v 0.33051 c 1.5267,-0.33051 3.0534,0 4.5801,-0.15739 v 0.33053 c 0.77122,0 1.52671,0 1.52671,0.1574 v 0.33051 c 0.77122,0.1574 2.29792,-0.15739 2.29792,0.1574 v -0.33053 c 3.05341,0 5.35133,0.15739 7.64925,0.33053 6.12254,0.6453 13.77179,0.33052 20.64983,0 0.77122,0 1.52669,-0.33053 0.77122,-0.64531 h 2.29792 c 1.52669,0 0.77122,-0.48792 2.29792,-0.48792 12.24509,-0.81843 24.47444,0 36.7038,-0.48791 -3.0534,-0.1574 -5.35132,-0.48791 -8.40473,-0.33052 0,-0.15739 0,-0.48793 -0.77122,-0.48793 -4.59584,-0.15739 -9.94718,0.1574 -12.22935,-0.48791 -0.77122,-0.15739 -1.52671,-0.6453 -3.82463,-0.6453 h 2.29792 v -0.48791 c -3.05341,-0.1574 -6.87802,-0.33053 -9.94717,-0.48793 v -0.48791 h -1.52669 c -1.52671,-1.14896 6.87802,-0.97583 10.70264,-1.14896 v -0.6453 h -1.5267 v -0.33054 h 13.00057 -3.06914 c 0,-0.15738 0,-0.33051 -0.77122,-0.33051 3.05341,0 6.87803,0.15739 9.94718,-0.1574 0.77122,-0.15739 0,-0.6453 -2.29792,-0.81843 h -6.12255 v -0.33053 c 1.5267,0 3.82462,0.15739 5.35132,0 0.77123,-0.15739 -1.5267,-0.48791 -0.77122,-0.6453 0.77122,0 1.5267,0 2.29792,-0.1574 -2.29792,0 -5.35132,0.1574 -7.64924,0 -0.77123,-0.15739 -1.52671,-0.33051 -1.52671,-0.6453 -3.82462,0.15739 -6.87803,-0.33052 -9.17595,-1.13323 -0.77122,-0.33052 -4.59585,-0.15739 -6.87803,-0.15739 z"
+     id="path31"
+     style="fill:#3f2655;fill-opacity:1;stroke-width:1.57392" />
+  <path
+     class="cls-1"
+     d="m 154.08284,203.89245 c 0.88138,-0.0157 1.74704,-0.0315 2.62844,-0.0629 -14.92075,-0.50366 -30.69143,0.15738 -44.74654,-0.6768 -0.88139,-0.14165 -2.64417,-0.42495 -3.52557,-0.58235 -7.01968,-0.34626 -15.786413,0 -22.790355,0.48792 -3.509841,0.23609 -6.091069,2.07757 -6.091069,2.07757 -0.865655,0.34626 -1.731311,1.00731 -0.849916,1.3221 1.76279,0.12586 6.138285,0.0315 6.154025,0.67678 0,0.15739 -0.865656,0.18887 -1.747051,0.20461 0,0.64531 -2.581227,2.01462 -3.462622,2.03036 -0.865657,0.34626 -6.106808,1.43227 -6.972463,1.77853 -2.612708,0.55087 5.335586,2.81731 8.845427,3.24227 1.762789,0.2833 0.01573,0.81844 0.03148,1.30635 1.74705,-0.2046 2.644185,0.26758 4.391236,0.0629 0,0.15739 5.256891,0.22035 7.901075,0.15739 0,0 0.865657,-0.18887 3.494102,-0.23608 0.881395,-0.0157 0.881395,-0.18887 0.865656,-0.34626 q 0,0.15739 0,0.33052 c 0.865656,-0.34627 2.628445,-0.0629 3.509845,-0.23609 q 0,0.1574 0,0.33052 c 1.74705,-0.362 3.50983,-0.0787 5.25688,-0.26756 q 0,0.15739 0,0.33052 c 0.8814,-0.0157 1.74706,-0.0315 1.76279,0.12586 q 0,0.15741 0,0.33052 c 0.8814,0.14166 2.62845,-0.22034 2.62845,0.11013 q 0,-0.1574 0,-0.33052 c 3.50984,-0.0787 6.13828,0.0315 8.76672,0.14164 7.01969,0.50366 15.78642,0 23.67176,-0.50365 0.88139,-0.0157 1.74706,-0.362 0.86566,-0.67679 0.8814,-0.0157 1.76278,-0.0315 2.62844,-0.0629 1.74705,-0.0315 0.86565,-0.50365 2.6127,-0.55086 14.00789,-1.11749 28.06299,-0.5981 42.07088,-1.38506 -3.50984,-0.0944 -6.15403,-0.362 -9.64813,-0.12586 0,-0.1574 0,-0.48793 -0.8814,-0.47218 -5.27263,-0.0472 -11.39518,0.40922 -14.03936,-0.18887 -0.88139,-0.14166 -1.76279,-0.61383 -4.39123,-0.55087 0.88139,-0.0157 1.74704,-0.0315 2.62844,-0.0629 0,-0.15739 0,-0.48793 0,-0.48793 -3.50984,-0.0944 -7.90107,-0.15739 -11.41091,-0.25182 0,0 0,-0.33052 0,-0.48792 l -1.74705,0.0315 c -1.77854,-1.10174 7.86959,-1.14896 12.2451,-1.40079 0,-0.15739 0,-0.48791 0,-0.6453 l -1.74706,0.0315 v -0.33052 c 5.25688,-0.11013 9.63239,-0.20462 14.90502,-0.31478 -0.8814,0.0157 -2.62845,0.0629 -3.50984,0.0787 0,-0.15739 0,-0.33052 -0.8814,-0.31479 3.50984,-0.0787 7.90108,0 11.39518,-0.4092 0.86565,-0.18888 0,-0.64532 -2.64419,-0.75549 -2.62844,0.0629 -4.3755,0.0944 -7.01968,0.14165 v -0.33052 c 1.74705,-0.0315 4.37549,0.0629 6.13829,-0.12586 0.88139,-0.18887 -1.7628,-0.45644 -0.89713,-0.62957 0.88139,-0.0157 1.76279,-0.0315 2.62844,-0.22035 -2.62844,0.0629 -6.13828,0.29905 -8.76674,0.18887 -0.88138,-0.14165 -1.76278,-0.28331 -1.76278,-0.61383 -4.3755,0.25183 -7.90107,-0.15739 -10.54526,-0.91286 -0.8814,-0.31479 -5.27263,-0.0472 -7.90108,0 z"
+     id="path32"
+     style="fill:#3f2655;fill-opacity:1;stroke-width:1.57392" />
+  <path
+     class="cls-1"
+     d="m 111.42962,144.39828 c 0.2046,-0.53513 -1.14896,-0.73974 -1.60541,-0.96009 l -0.59808,0.17313 c -1.51097,0.18887 -1.55818,0.78696 -0.59809,1.11748 0.34627,-0.45643 1.95166,-0.44069 2.81731,-0.31478 z"
+     id="path33"
+     style="fill:#3f2655;fill-opacity:1;stroke-width:1.57392" />
+  <path
+     class="cls-1"
+     d="m 123.58027,144.03629 -0.20461,0.53512 1.85723,-0.17313 c -0.0472,-0.34626 -0.96009,-0.31478 -1.65262,-0.36199 z"
+     id="path34"
+     style="fill:#3f2655;fill-opacity:1;stroke-width:1.57392" />
+  <path
+     class="cls-1"
+     d="m 124.69775,144.91767 c -2.15626,0.18887 -5.0208,-1.02304 -6.12254,0.20462 -0.17313,-0.0787 0.0629,-0.14166 -0.12586,-0.2361 l -1.74705,0.20462 c -0.11013,0.29904 -0.47218,0.66104 -0.17314,0.97582 -0.40921,-0.0157 -0.75547,0.34627 -1.33782,0.2361 -1.46375,0 -0.17314,-0.61384 -0.69253,-0.86565 -3.68298,0.34625 -7.88533,0.42495 -11.37944,-0.22035 0,-1.05453 -4.029229,-0.89714 -5.713322,-0.83419 -3.383927,-0.92861 -7.302987,1.05454 -9.868477,0.17314 1.526703,-0.67679 4.139409,0.0629 4.438454,-0.67679 l -0.692524,-0.34626 c -1.57392,-0.2361 -4.092191,-0.73974 -5.020804,0.0472 0.881395,0.42496 0.928613,0.80269 1.227658,1.11748 -0.692525,0.18887 -0.818439,0.48792 -1.699834,0.59809 -1.290614,0.0787 -2.691403,-0.0629 -2.691403,-0.59809 0.708264,-0.18887 1.463746,0 2.109053,-0.0472 0.236088,-0.59809 -2.046095,-0.62957 -2.801577,-0.83417 1.337831,1.35356 -2.219227,1.93591 1.400788,2.80156 l -1.983138,0.28331 c -1.526702,1.21192 6.421591,1.16471 2.974708,2.50254 -0.346263,0.362 0.110169,0.77122 -1.054527,1.086 0.645307,0.48792 1.920183,0.40923 2.455315,0.12586 0.881394,0.96009 4.957846,0.11013 5.083761,1.40079 3.336709,-1.03879 4.894889,0.78696 7.932555,1.02305 3.856104,0.2833 1.337834,-0.77123 2.455314,-1.46375 1.92018,0.40923 3.8561,-0.25182 5.0208,-0.56661 1.05452,-0.0157 1.69984,0.47218 0.99157,0.66105 7.88533,1.16469 15.88085,1.51096 23.75044,1.62114 3.2108,0.84991 6.18551,-0.36201 9.33335,1.16469 l -0.5194,-0.25182 c -0.0787,-0.1574 0.33053,-0.22035 0.64532,-0.28331 -0.51941,-0.28331 -1.02305,-0.56662 -1.51098,-0.84991 0.92862,0.11013 1.87297,0.2046 2.80158,0.17313 1.0388,-1.02305 5.31986,0.0157 6.64194,-1.02305 5.1782,0.34626 3.00619,0.78696 8.23161,1.2434 2.78583,-0.37775 6.1068,-0.8814 9.42777,-0.75549 1.19619,0.0315 2.29792,0.5194 2.09332,0.73974 1.448,-0.0787 3.50984,-0.0944 4.98932,-0.0787 6.35863,-1.00732 -0.81844,-1.8887 -3.21079,-1.96741 0.55087,-0.78695 3.6987,-0.31478 3.38393,-1.05452 -0.14166,-0.31479 -0.26758,-0.62956 -0.66105,-0.81843 l -1.58966,0.40922 c -3.98202,-0.31479 1.65262,-0.9601 -1.02305,-1.65262 -0.58235,0.0315 -0.86565,0.0472 -1.10175,0.17313 -1.30634,0.39347 -0.92861,0.59809 -0.17313,0.97583 -3.79314,0.11013 -2.34513,-2.01461 -4.42272,-1.99888 -2.83304,0.26756 -1.086,1.57391 -1.77852,2.03036 0.0315,-1.29062 -5.13098,-2.28219 -9.30187,-2.36088 -3.90332,0.55087 -8.29454,-0.70826 -12.95335,0.0944 -1.99888,-0.1574 -4.59584,-0.45645 -7.2243,-0.56662 0,-0.0629 0,-0.14165 0,-0.2046 -0.0629,0.0472 -0.11013,0.11013 -0.11013,0.18886 -1.92018,-0.92862 -6.42159,0.42496 -6.87802,-1.03878"
+     id="path35"
+     style="fill:#3f2655;fill-opacity:1;stroke-width:1.57392" />
+  <path
+     class="cls-1"
+     d="m 179.18685,149.51352 c -3.60428,1.02305 -7.83811,-0.58235 -10.89152,1.086 0.84992,2.54975 6.09107,-0.12586 8.40472,0.67679 1.52671,-0.29904 2.42384,-0.55087 4.34402,-0.83418 1.41654,-0.53512 -0.89713,-0.8027 -1.85722,-0.92861 z"
+     id="path36"
+     style="fill:#3f2655;fill-opacity:1;stroke-width:1.57392" />
+  <path
+     class="cls-3"
+     d="m 149.10925,159.28756 h 2.34513 c -13.26813,-0.81843 -27.32323,-0.48791 -39.82016,-1.63688 -0.78696,-0.15739 -2.34513,-0.48791 -3.13209,-0.6453 -6.24846,-0.48791 -14.055104,-0.33052 -20.303565,0 -3.132101,0.15739 -5.461501,1.95166 -5.461501,1.95166 -0.78696,0.33052 -1.55818,0.97583 -0.78696,1.30635 1.55818,0.1574 5.461501,0.1574 5.461501,0.81845 0,0.15737 -0.771221,0.15737 -1.55818,0.15737 0,0.64532 -2.345141,1.95168 -3.116361,1.95168 -0.78696,0.33052 -5.461501,1.30635 -6.24846,1.63687 -2.345141,0.48791 4.69028,2.92749 7.80664,3.41541 1.558181,0.33051 0,0.81842 0,1.30635 1.558181,-0.15739 2.34514,0.33052 3.903321,0.15739 0,0.1574 4.674541,0.33052 7.01968,0.33052 0,0 0.786961,-0.15739 3.116361,-0.15739 0.78696,0 0.78696,-0.1574 0.78696,-0.33052 v 0.33052 c 0.78696,-0.33052 2.345144,0 3.132104,-0.1574 v 0.33054 c 1.55818,-0.33054 3.11636,0 4.67454,-0.1574 v 0.33052 c 0.78695,0 1.55818,0 1.55818,0.1574 v 0.33051 c 0.78696,0.1574 2.34514,-0.15739 2.34514,0.1574 v -0.33052 c 3.13209,0 5.46149,0.15739 7.80664,0.33052 6.24845,0.6453 14.0551,0.33053 21.09052,0 0.78696,0 1.55818,-0.33052 0.78696,-0.64531 h 2.34513 c 1.55819,0 0.78697,-0.48791 2.34515,-0.48791 12.49692,-0.81844 24.99384,0 37.49076,-0.48792 -3.1321,-0.1574 -5.4615,-0.48792 -8.5936,-0.33052 0,-0.1574 0,-0.48791 -0.78696,-0.48791 -4.69028,-0.1574 -10.15178,0.15739 -12.49692,-0.48793 -0.78696,-0.15738 -1.55818,-0.6453 -3.90333,-0.6453 h 2.34515 v -0.48791 c -3.1321,-0.1574 -7.03542,-0.33052 -10.15178,-0.48791 v -0.48793 h -1.55819 c -1.55818,-1.14896 7.03543,-0.97582 10.93875,-1.14896 v -0.64531 h -1.55818 v -0.33051 h 13.28388 -3.1321 c 0,-0.1574 0,-0.33052 -0.78697,-0.33052 3.1321,0 7.03543,0.15738 10.15179,-0.15739 0.78696,-0.1574 0,-0.64532 -2.34514,-0.81845 h -6.24846 v -0.33052 c 1.55818,0 3.90331,0.1574 5.4615,0 0.78696,-0.15739 -1.55819,-0.48792 -0.78695,-0.64531 0.78695,0 1.55817,0 2.34513,-0.1574 -2.34513,0 -5.4615,0.1574 -7.80665,0 -0.78695,-0.15738 -1.55817,-0.33051 -1.55817,-0.6453 -3.90333,0.15739 -7.01968,-0.33052 -9.36483,-1.13322 -0.78695,-0.33053 -4.69028,-0.15739 -7.03541,-0.15739 z"
+     id="path37"
+     style="fill:#3f2655;fill-opacity:1;stroke-width:1.57392" />
+  <path
+     class="cls-1"
+     d="m 103.11932,184.18696 c 0,-0.18887 -0.33052,-0.37774 0.20461,-0.47217 1.69983,-0.18886 3.0534,0.45644 4.75324,0.2833 0.0315,-0.11013 0.0787,-0.2046 0.12586,-0.31478 1.30636,0.12586 2.67565,0.29905 4.07644,0.45644 2.58123,-0.0472 5.13098,-0.12586 7.68073,-0.22035 -0.0629,-0.11012 -0.0944,-0.22035 0.1574,-0.26756 1.05452,-0.0787 2.534,0.0315 4.04498,0.0629 0.22033,-0.0157 0.45643,-0.0315 0.67678,-0.0472 0.17312,-0.0629 0.22035,-0.17312 0.25183,-0.23608 0.69251,0 1.30635,0.0472 1.87295,0.0787 7.47612,-0.61383 15.04668,-1.33784 23.27827,-2.0461 1.73132,-0.28331 3.47836,-0.56661 5.14673,-0.70826 2.48679,-0.12586 5.65037,0.0787 8.07421,0.12586 -0.37775,-1.10175 5.52445,-1.63689 4.34401,-2.75437 1.6054,0.0315 4.02923,0.0629 4.15515,-0.25181 0.37774,-0.92863 1.62114,-2.01463 5.9022,-2.5655 1.68408,-0.12586 4.24958,0.26757 4.84767,0.0787 0.92861,-0.29905 -2.17202,-0.66105 -1.24339,-0.96009 -12.44971,-0.33053 -24.45873,0.0629 -37.00285,0.0629 -4.26533,0.48791 -33.06805,0.70826 -40.46548,0.48791 -0.22035,0 -0.44069,0 -0.67678,0 -4.029236,-0.0629 -8.939865,0.0157 -12.35527,0.4407 -1.57392,0.25183 -3.163579,0.56661 -4.737498,0.88139 0.739742,0.18887 1.416528,0.36201 2.014617,0.53514 -1.621137,-0.0315 -3.226535,-0.0472 -3.840364,0.15739 -3.431144,0.47218 -1.495223,1.02305 -0.173131,1.76279 0.944352,0.33053 -0.330523,0.83417 1.148961,1.1647 -1.070265,0 -1.605398,-0.0157 -2.691402,-0.0472 -0.125914,0.31478 3.305231,-0.1574 2.565489,0.34626 -1.038787,-0.12586 -2.187749,0.0787 -3.273753,0.0629 0.37774,0.42496 3.73019,0.15739 3.557058,0.56662 -0.58235,0.0944 -3.021925,-0.56662 -3.226534,-0.0472 -0.04722,0.11013 1.038786,0.12586 1.573919,0.12586 -3.305232,0.15739 -5.130977,0.66105 -2.109053,1.21192 -1.054525,0 -2.53401,-0.23609 -3.635754,-0.1574 0,0 0,0 0,0 0.550873,0.0157 1.510964,0.12587 2.014617,0.12587 -0.629568,0 -1.259135,-0.0157 -1.888703,-0.0315 0.09444,0.0787 0.20461,0.14166 0.330523,0.22035 0.472176,0.0629 0.944352,0.11013 1.432267,0.12586 -0.409219,0 -0.834177,0 -1.259136,-0.0157 0.314784,0.17312 0.676785,0.33052 1.070266,0.48791 1.495223,0.33052 2.911751,0.81843 3.730189,0.83418 6.516027,0.25182 13.047793,0.42495 19.548082,0.45643 z"
+     id="path38"
+     style="fill:#3f2655;fill-opacity:1;stroke-width:1.57392" />
+  <path
+     class="cls-1"
+     d="m 115.09685,198.87163 c 0,0 -0.0315,0.12587 -0.11013,0.17314 -0.0787,0.0157 -0.14164,0.0472 -0.18887,0.0944 -0.99157,-0.0944 -1.96739,-0.18887 -2.94323,-0.29905 0.23609,-0.0315 0.47218,-0.17313 0.72401,-0.17313 1.08601,0.11013 1.30636,0.4407 2.53401,0.22035 z"
+     id="path39"
+     style="fill:#3f2655;fill-opacity:1;stroke-width:1.57392" />
+  <path
+     class="cls-1"
+     d="m 116.35598,198.91886 c 0.0157,0.14165 0.0472,0.26756 0.12586,0.37774 -0.55087,-0.0472 -1.11748,-0.11013 -1.66835,-0.15739 0.0629,-0.0315 0.12586,-0.0629 0.17313,-0.0944 0.36199,-0.0944 0.94435,0.0472 1.35358,-0.12586 z"
+     id="path40"
+     style="fill:#3f2655;fill-opacity:1;stroke-width:1.57392" />
+  <path
+     class="cls-1"
+     d="m 128.99456,199.98912 c 0.36199,0 0.67678,-0.28331 0.83417,-0.34627 0.91288,0.18887 1.84149,0.36201 2.9275,0.47218 0.17312,-0.0629 0.51939,-0.0787 0.86565,-0.22035 0.20461,0.11013 0.40922,0.20462 0.64531,0.28331 -2.39236,-0.0315 -4.8162,-0.0944 -7.33447,-0.18887 0.67679,-0.0157 1.36931,-0.0315 2.07757,0 z"
+     id="path41"
+     style="fill:#3f2655;fill-opacity:1;stroke-width:1.57392" />
+  <path
+     class="cls-1"
+     d="m 111.49257,198.80868 c -1.27487,-0.14165 -2.56549,-0.28331 -3.84036,-0.42496 1.36931,0.0157 2.59697,-0.18887 3.84036,0.42496 z"
+     id="path42"
+     style="fill:#3f2655;fill-opacity:1;stroke-width:1.57392" />
+  <path
+     class="cls-1"
+     d="m 146.41785,199.75303 c 0.50364,0.25183 1.07026,0.42496 1.69983,0.55087 -3.25801,-0.0472 -6.50029,-0.0629 -9.82126,-0.0787 v -0.0315 c 2.64418,-0.12586 6.46881,0.39348 8.12143,-0.4407 z"
+     id="path43"
+     style="fill:#3f2655;fill-opacity:1;stroke-width:1.57392" />
+  <path
+     class="cls-1"
+     d="m 114.98667,199.04477 c 0,0 -0.11013,0.0629 -0.17313,0.0944 0,0 0,0 0,0 0.0472,-0.0472 0.12587,-0.0629 0.18888,-0.0944 z"
+     id="path44"
+     style="fill:#3f2655;fill-opacity:1;stroke-width:1.57392" />
+  <path
+     class="cls-1"
+     d="m 163.95131,51.458324 -0.8027,-0.912873 c -0.55088,-0.598089 -1.086,-1.18044 -1.62114,-1.76279 -0.11012,-0.110168 -0.12586,-0.125914 -0.0787,-0.06296 0.15739,0.173132 0.20462,0.220349 0.31479,0.346263 l 1.40079,1.55818 0.70826,0.802699 c 0.23609,0.267566 0.53513,0.59809 0.4407,0.645307 -0.94435,-0.267566 -1.8887,-0.519393 -2.81732,-0.77122 -0.91287,-0.18887 -1.82574,-0.362003 -2.73862,-0.550873 -1.35356,-0.141652 -2.54975,-0.17313 -3.8561,-0.125914 -2.56549,0.110168 -5.1782,0.550871 -7.86959,1.023047 -0.75549,0.125914 -1.47948,0.251827 -2.20349,0.377742 -0.0944,0 -0.17314,0.03148 -0.26758,0.04721 -0.67678,0.09444 -1.33782,0.204609 -1.99887,0.299045 l 0.69253,-0.110168 c 0.45644,-0.0787 0.84991,-0.141654 0.88139,-0.173132 0,0 -0.0629,0 -0.17313,0 1.58967,-0.299044 3.25802,-0.613829 4.95785,-0.928613 0.40922,-0.06296 0.81844,-0.141652 1.32208,-0.220349 1.88872,-0.236088 3.8089,-0.472175 5.6976,-0.409219 h 0.47218 c 0.61382,0.03148 1.21192,0.0787 1.51096,0.06296 0.0944,0 0.15739,0 0.18887,0 1.63687,0.173131 3.90331,0.708264 5.9022,1.322093 l 0.0472,-0.09444 c 0,0 -0.14165,-0.173132 -0.22035,-0.267567 l -0.47217,-0.550872 -0.92861,-1.070265 c -0.61384,-0.692525 -1.29062,-1.432267 -1.88872,-2.046096 -0.97582,-0.991569 -1.99887,-1.93592 -3.02191,-2.817315 -0.1574,-0.141654 -0.2361,-0.204611 -0.22035,-0.173132 -0.0787,-0.07869 -0.11013,-0.09444 -0.20462,-0.173131 -0.362,-0.299045 -0.66104,-0.535133 -0.96009,-0.786959 0,0 0,0 0,0 0.0629,-0.06296 0.0944,-0.09444 0.0629,-0.06296 -0.0157,0.01573 -0.0787,0.04722 -0.0944,0.07869 0.0315,0.03148 0.0472,0.04721 0.0944,0.07869 0.33053,0.283306 0.69253,0.566612 1.086,0.897134 0.0157,0.01575 0.0472,0.03148 0.0787,0.06296 0.15739,0.141652 0.23608,0.220348 0.36199,0.330522 1.02305,0.912873 1.96741,1.825747 2.94323,2.817317 0.59809,0.613828 1.18044,1.259135 1.73132,1.888702 l 0.84991,0.960092 0.42496,0.503654 c 0,0 0.17313,0.18887 0.17313,0.220349 l -0.0787,0.06296 c -1.8887,-0.566612 -4.07644,-1.101743 -5.69758,-1.259136 1.55818,0.125914 3.66723,0.613829 5.57167,1.18044 l 0.0787,-0.04722 c 0,0 -0.11013,-0.141652 -0.15739,-0.204609 l -0.42496,-0.487916 -0.83417,-0.96009 c -0.55088,-0.629568 -1.11748,-1.227657 -1.66837,-1.810007 -0.47216,-0.456437 -0.94434,-0.928613 -1.40079,-1.385049 -0.48791,-0.440698 -0.96009,-0.881395 -1.43225,-1.322093 -0.47218,-0.409219 -0.94436,-0.818439 -1.40079,-1.227658 -0.0944,-0.07869 -0.15739,-0.110168 -0.15739,-0.110168 0,0 0.0787,0.07869 0.15739,0.141652 1.13321,0.960092 2.47105,2.172009 3.5728,3.273752 0.51939,0.503655 1.2906,1.306355 1.93591,2.014619 l 0.99157,1.117483 0.50365,0.56661 0.25183,0.283306 c 0,0 -0.0629,0.04722 -0.0944,0.06296 -1.29061,-0.362001 -2.62844,-0.755481 -3.96628,-0.96009 l -1.00731,-0.18887 -0.8027,-0.04723 c -0.55087,-0.03148 -1.086,-0.110181 -1.65262,-0.0787 h -0.67678 c 0.89713,-0.06296 1.77853,-0.01573 2.67567,0.03148 0.40922,0 0.96009,0.09444 1.47948,0.18887 l 1.51097,0.251827 2.0933,0.598089 c 0,0 0.18887,0.04722 0.14166,-0.04721 l -0.25183,-0.283306 -0.50365,-0.582351 -0.99157,-1.133222 -1.02305,-1.101744 -0.92861,-0.94435 c -0.61382,-0.61383 -1.2434,-1.211919 -1.8887,-1.794269 l -0.97584,-0.865656 -0.86565,-0.739742 c 0.69253,-0.629567 1.62114,-1.36931 2.534,-2.061834 0.20462,-0.157392 0.36202,-0.283306 0.34627,-0.283306 0,0 -0.18887,0.110168 -0.39348,0.267566 -0.92861,0.676786 -1.84149,1.38505 -2.62845,2.077574 1.25914,1.070265 2.67566,2.360879 3.90333,3.635755 l -0.45645,-0.42496 -0.44068,-0.424958 c -0.20462,-0.204609 -0.4407,-0.37774 -0.64532,-0.58235 -0.69252,-0.645306 -1.38505,-1.274874 -2.07757,-1.857225 -0.12586,-0.110168 -0.25183,-0.236088 -0.37773,-0.330522 0.23608,-0.220349 0.51939,-0.440698 0.78695,-0.661046 1.66835,-1.369311 3.35245,-2.581229 5.0208,-3.54132 0.23609,0.03148 0.26757,0 0.12586,-0.06296 0.0787,-0.04722 0.15739,-0.0787 0.23609,-0.125914 0.0472,0 0.11013,0.03148 0.14165,0.03148 0.22035,0.03148 0.0472,-0.04722 0,-0.07869 0,0 -0.0157,0 -0.0315,-0.01575 0.0315,-0.01573 0.0787,-0.04721 0.11012,-0.06296 0.0472,0 0.0787,0.01573 0.12587,0.03148 0,0 0.0629,0 0.14164,0.03148 0,0 0,0 0.25183,0.04722 0,0 0,0 0,-0.01575 q 0,0 -0.0787,-0.04721 c 0,0 -0.11013,-0.03148 -0.20461,-0.0787 -0.0315,0 -0.0787,-0.01573 -0.11012,-0.03148 0.2046,-0.110169 0.4092,-0.236088 0.61382,-0.330524 -0.0944,-0.03148 -0.18887,-0.04721 -0.28331,-0.07869 0.0944,-0.04722 0.17313,-0.09444 0.17313,-0.09444 0,0 -0.0944,0.03148 -0.2046,0.09444 -0.26757,-0.09444 -0.53514,-0.157391 -0.81845,-0.236088 0,0 0,0 0,0 0,0 0,0 0,0 -0.91286,-0.251827 -1.82574,-0.456437 -2.73861,-0.582351 0,0 0,0 0,0 0.51939,0.04722 0.84991,0.04722 0.99157,0.01575 l 0.0787,-0.03148 c -0.14164,-0.06296 -0.56661,-0.173132 -1.21191,-0.314784 -0.0629,-0.01573 -0.12587,-0.03148 -0.18888,-0.03148 0.0629,0 0.12587,-0.01573 0.18888,-0.01573 -0.83418,-0.18887 -2.50253,-0.39348 -3.55706,-0.440698 l -0.78696,-0.04722 c -0.40922,0 -1.02305,0 -1.71558,0.06296 0,0.03148 0,0.04722 0,0.07869 -0.0944,0 -0.18887,-0.03148 -0.2833,-0.04722 -0.17313,0 -0.33052,0.03148 -0.50365,0.04722 l -1.10175,0.125914 -0.69253,0.09444 c 1.13323,-0.18887 1.74706,-0.330524 1.57393,-0.393481 -0.0157,0 -0.0315,0 -0.0472,0 -0.37774,-0.06296 -2.0933,0.09444 -4.1394,0.424959 0,0 -0.0157,0 -0.0315,0 -3.28949,0.58235 -6.3429,1.196178 -9.31761,1.668354 -0.22035,-0.06296 -0.45643,-0.125914 -0.724,-0.157391 -0.0157,0.07869 -0.0472,0.220349 -0.12586,0.299045 -0.0944,0 -0.17313,0.03148 -0.26757,0.04721 -0.58234,-0.09444 -1.14896,-0.283304 -1.57391,-0.220349 -0.11013,0.04722 -0.11013,0.173133 -0.0944,0.314785 -1.00731,0.03148 -2.01463,0.03148 -3.02193,0 -0.53513,-0.236088 -1.03879,-0.503655 -1.54243,-0.708264 -0.0315,0.125914 -0.0629,0.251827 -0.0787,0.37774 -0.15739,0.03148 -0.31478,0.01573 -0.45643,-0.03148 -0.0472,-0.283306 -0.0944,-0.566612 -0.15739,-0.834179 -0.0629,0.251828 -0.12586,0.472176 -0.18887,0.676786 -0.0157,0 -0.0315,-0.01573 -0.0472,-0.03148 0,-0.613828 0,-1.211917 -0.0629,-1.448005 -0.20462,-1.479485 -0.4407,-0.645307 -0.75549,-0.07869 -0.14166,0.409219 -0.362,-0.141652 -0.50366,0.503655 0,-0.456437 0,-0.692525 0.0157,-1.164701 -0.12586,-0.04722 0.0629,1.432267 -0.1574,1.101744 0.0472,-0.440698 -0.0315,-0.944352 -0.0315,-1.416528 -0.18887,0.157392 -0.0629,1.605398 -0.25183,1.542442 -0.0472,-0.251827 0.23608,-1.306354 0.0157,-1.400789 -0.0472,-0.01575 -0.0472,0.440698 -0.0472,0.676786 -0.0629,-1.432268 -0.2833,-2.219227 -0.51939,-0.912874 0,-0.456437 0.0944,-1.086004 0.0629,-1.573919 0,0 0,0 0,0 0,0.236088 -0.0472,0.645306 -0.0629,0.865655 0,-0.267566 0,-0.550872 0,-0.818438 -0.0315,0.04721 -0.0629,0.09444 -0.0944,0.141653 -0.0315,0.204609 -0.0472,0.409219 -0.0472,0.613828 0,-0.173131 0,-0.362001 0,-0.535132 -0.0787,0.141652 -0.14165,0.283305 -0.2046,0.456437 -0.14166,0.645307 -0.36201,1.259135 -0.36201,1.605398 -0.11013,2.801576 -0.17313,5.634631 -0.18887,8.436208 0.0787,0 0.17313,-0.141652 0.20461,0.09444 0.0787,0.739741 -0.20461,1.322092 -0.12586,2.046094 0.0472,0.01573 0.0944,0.03148 0.12586,0.04723 -0.0629,0.566611 -0.12586,1.1647 -0.18887,1.762789 0.0157,1.117483 0.0472,2.219228 0.0944,3.320972 0.0472,-0.03148 0.0944,-0.04722 0.11013,0.06296 0.0315,0.456436 0,1.086005 -0.0315,1.747051 0,0.09444 0,0.188871 0.0157,0.283305 0.0315,0.0787 0.0787,0.09444 0.11013,0.110182 0,0.299045 -0.0157,0.56661 -0.0315,0.802698 0.26757,3.226536 0.56661,-1.621136 0.8814,1.935922 0.12586,0.75548 0.25182,1.495223 0.29904,2.219226 0.0472,1.070265 -0.0315,2.439575 -0.0472,3.478362 0.47218,-0.157392 0.70826,2.392358 1.18044,1.872965 0,0.125914 0,0.251827 0,0.393479 -1.63689,0.18887 -3.88759,0.236088 -4.65881,0.09444 -0.0315,0 -0.0787,0 -0.11012,0 -0.64531,-0.06296 -1.41653,0.01573 -1.96739,0.440697 -0.25183,0.251828 -0.50366,0.566611 -0.75549,0.881395 0.11013,0.18887 0.22035,0.362001 0.31479,0.535133 -0.25183,-0.03148 -0.51939,-0.04722 -0.61383,0.157392 -0.55088,0.472176 -0.2361,1.023047 -0.0315,1.76279 l -0.23609,1.117482 c -0.0157,0.314785 0.5194,-0.157391 0.40922,0.346263 -0.15739,-0.125914 -0.34626,0.07869 -0.51939,0.06296 0.0629,0.424958 0.59809,0.157392 0.56661,0.566611 -0.0944,0.09444 -0.47217,-0.566611 -0.5194,-0.04722 0,0.110168 0.15739,0.125914 0.25183,0.125914 -0.51939,0.157393 -0.81843,0.661046 -0.33052,1.211919 -0.17314,0 -0.40922,-0.236088 -0.58235,-0.157392 0,0 0,0 0,0 0.0944,0.01573 0.23609,0.125914 0.31479,0.125914 -0.0944,0 -0.20462,-0.01573 -0.29905,-0.03148 0,0.0787 0.0315,0.141653 0.0472,0.220349 0.0787,0.06296 0.15739,0.110168 0.22035,0.125914 -0.0629,0 -0.12587,0 -0.20462,-0.01573 0.0472,0.173131 0.11013,0.330523 0.17314,0.487915 0.23608,0.330523 0.45643,0.818438 0.59808,0.834177 1.03879,0.251828 2.07757,0.424959 3.10062,0.456437 0,-0.18887 -0.0472,-0.37774 0.0315,-0.472176 0.26758,-0.18887 0.48793,0.456437 0.75549,0.283306 0,-0.110168 0,-0.204609 0.0157,-0.314784 0.2046,0.125914 0.42495,0.299045 0.6453,0.456436 0.40923,-0.04722 0.81843,-0.125914 1.22766,-0.220348 0,-0.110169 0,-0.220349 0.0315,-0.267567 0.17314,-0.07869 0.40922,0.03148 0.6453,0.06296 0.0315,-0.01575 0.0787,-0.03148 0.11013,-0.04722 0.0315,-0.06296 0.0315,-0.173131 0.0315,-0.236088 0.11013,0 0.2046,0.04722 0.29904,0.0787 1.18044,-0.613829 2.39236,-1.337832 3.69871,-2.046096 0.28331,-0.283306 0.55087,-0.56661 0.81844,-0.708264 0.39348,-0.125914 0.89714,0.0787 1.27488,0.125915 -0.0629,-1.101744 0.88139,-1.636877 0.69252,-2.75436 0.25182,0.03148 0.64531,0.06296 0.66105,-0.251827 0.0629,-0.928613 0.25182,-2.014617 0.94435,-2.56549 0.26756,-0.125914 0.67679,0.267567 0.77122,0.07869 0.14165,-0.299045 -0.34626,-0.661046 -0.20462,-0.960091 -1.98313,-0.330523 -3.88757,0.06296 -5.88645,0.06296 -0.0315,0.01575 -0.0787,0.04722 -0.12586,0.06296 0,-3.352448 -0.0787,-6.689159 -0.0787,-10.136042 -0.0787,-0.676785 -0.14166,-1.699834 -0.17314,-2.864533 2.65992,0.708262 5.44576,0.849916 8.21585,0.661046 5.50873,-0.456437 10.43509,-1.98314 15.50311,-2.297923 0.69253,-0.01573 1.40079,-0.04722 2.14053,-0.06296 0.66105,0.03148 1.32211,0.06296 2.01462,0.110168 0.97584,0.18887 1.95166,0.377741 2.95897,0.58235 0.97584,0.251827 1.95166,0.519394 2.9275,0.771221 0.0472,-0.09444 -0.33053,-0.472176 -0.58236,-0.771221 z m -5.47725,-13.708839 h 0.0472 c 0,0 -0.66105,0.07869 -0.66105,0.07869 z"
+     id="path45"
+     style="fill:#3f2655;fill-opacity:1;stroke-width:1.57392" />
+  <path
+     class="cls-2"
+     d="m 76.756169,196.11728 c 3.698712,-0.20461 7.979773,0.51939 11.584049,-0.20461 -4.233844,-0.45644 -10.073085,-0.62957 -10.702654,-1.82575 -0.629568,-1.19618 5.792025,-0.11013 9.097255,-0.17313 q -0.440697,-0.12586 -0.881394,-0.25183 c 0.440697,0.12586 0.881394,0.25183 1.259135,0.11013 -0.881395,-0.25185 -2.581228,-0.48792 -3.053404,-0.8814 l 0.786959,-0.28331 c -2.234965,-0.89713 -6.421591,-1.086 -8.656556,-1.99888 10.875784,2.89602 26.032631,1.66837 39.269291,1.43227 7.39742,-0.40922 14.27545,-1.47948 20.71278,-2.65992 1.21192,-0.15739 4.1394,-0.0787 6.23272,0.0157 3.69871,-0.2046 7.39743,-0.40921 11.04891,-0.88138 7.79091,-0.55087 15.34572,0.12586 23.65602,-0.0315 1.65261,-0.0315 3.93479,1.13322 -0.1574,1.47948 -3.38392,0.40922 -6.81506,0.55087 -10.24621,0.56661 0.39347,-0.36199 2.03036,-0.15739 2.80158,-0.42495 -2.53401,-0.22035 -4.62733,-0.31479 -7.09838,-0.26757 1.65261,-0.0315 3.30523,-0.0629 4.95785,-0.0944 -4.13942,0.0787 -8.71952,0.0315 -13.23667,0.2361 -1.65262,0.0315 -3.10062,-1.14897 -5.44576,-0.29906 5.9022,0.40922 11.97753,0.86566 18.03712,0.84992 0,0 -0.0315,0.0157 -0.0315,0.0315 2.70713,-0.0472 5.14671,0 7.75942,-0.0157 -0.8027,0.0472 -1.63689,0.12586 -2.34515,0.0629 3.79315,0.33053 7.53907,0.39349 11.28501,0.47218 -10.57675,1.27487 -22.34965,0.40922 -33.05232,0.8814 3.0062,0.61382 7.00395,-0.26758 9.63239,0.48791 -4.91063,0 -9.83699,-0.0944 -14.87354,-0.25183 0.37775,-0.0472 0.73974,-0.0944 1.10175,-0.15739 -3.11636,-0.4407 -6.45307,-0.0787 -9.58516,-0.17313 -0.28331,0 -0.55089,-0.0315 -0.83419,-0.0315 0.2833,0.0157 0.55088,0.0315 0.83419,0.0315 2.86452,0.12586 5.69758,0.23608 8.46768,0.33052 -1.27488,0.14166 -2.62845,0.14166 -4.24958,0.0787 0.88139,0.25183 2.14053,0.362 3.39966,0.47217 1.66835,0.0157 3.32097,0.0315 4.95784,0.0787 -2.54974,0.0315 -5.05228,0.20461 -7.3502,0.50366 3.44688,0.25183 7.00395,0.26756 10.46657,0.40922 -1.90445,0.0472 -3.80888,0.0944 -5.71333,0.14165 -3.19506,-0.12586 -6.40586,-0.23609 -9.66387,-0.31479 0.12586,0 0.25183,0 0.37774,-0.0315 -0.25183,0 -0.48791,0 -0.73974,0 -1.27487,-0.0315 -2.54975,-0.0472 -3.84036,-0.0629 -1.14896,0.0157 -2.28219,0.17313 -3.39967,0.36199 -0.18887,0 -0.37774,0 -0.5666,0 0.36199,-0.11013 0.53512,-0.23608 -0.1574,-0.29904 -2.97471,-0.34626 -6.1855,0.25183 -9.58518,-0.22035 -0.89713,-0.12586 -2.0933,-0.0629 -3.39966,0.0472 -0.34626,-0.0944 -0.53513,-0.0315 -0.70826,0.0472 -0.2833,0.0157 -0.56661,0.0472 -0.84992,0.0629 -0.69253,0 -1.38504,0.0157 -2.06184,0.11013 0.6768,0 1.36931,-0.0629 2.06184,-0.11013 0.25183,0 0.51939,0 0.77122,-0.0315 -0.17313,0.0944 -0.362,0.22035 -0.73974,0.22035 4.76897,0.0787 9.69535,0.22035 14.66894,0.1574 -0.29906,0.0944 -0.72401,0.18887 -0.89715,0.25182 0.48793,-0.0944 0.97584,-0.17313 1.46375,-0.26757 1.60541,-0.0157 3.2108,-0.0629 4.81619,-0.14165 -0.47217,0.0629 -0.92861,0.17313 -1.30635,0.29904 4.56437,0.0629 9.16021,-0.0315 13.7718,-0.14164 4.31254,0.17312 8.5936,0.34626 12.85892,0.47217 -2.29793,-0.34626 -4.70602,-0.50365 -7.14559,-0.61382 6.50028,-0.15739 13.01631,-0.2361 19.5166,0.11013 -1.16471,0.42495 -2.78583,0.724 -3.50984,1.27487 0.0472,0.26756 2.14053,0.362 0.91288,0.51939 -4.43847,0.75549 -7.61778,0.0787 -9.42779,1.58966 -0.34626,0.40923 4.62733,1.85723 3.02193,2.15628 -1.33783,0.14165 -3.74592,0.26756 -6.3429,0.362 -0.75547,-0.0472 -1.5267,-0.0629 -2.3294,-0.0629 -0.0944,-0.0315 -0.26756,0.0629 -0.47218,0.15739 -2.81731,0.0629 -5.47723,0.0787 -6.97246,-0.0157 -0.55087,-0.0315 -1.10173,-0.0629 -1.63687,-0.0944 -0.28331,-0.0787 -0.53514,-0.18887 -0.72401,-0.33052 -0.34626,0.11013 -0.69253,0.18887 -1.02304,0.23609 -1.46375,-0.0787 -2.89602,-0.12587 -4.32829,-0.17313 -0.8027,-0.12586 -1.58965,-0.28331 -2.37661,-0.39348 0.0157,0.0944 0.14165,0.22035 0,0.31479 -1.79427,-0.0472 -3.5728,-0.0787 -5.35133,-0.0944 -0.724,-0.12586 -1.38505,-0.29905 -1.96739,-0.55088 -1.93593,0.83418 -6.37438,0.31479 -9.475,0.4407 v 0.0315 c -1.55819,0 -3.11637,-0.0315 -4.70602,-0.0472 -0.26757,-0.0787 -0.50365,-0.17314 -0.73975,-0.28331 -0.39348,0.14165 -0.8027,0.1574 -1.0073,0.22035 -1.25914,-0.11012 -2.3294,-0.29905 -3.39967,-0.47218 -0.18887,0.0787 -0.5666,0.34627 -0.97582,0.362 -0.83418,-0.0315 -1.63688,-0.0157 -2.42384,0 -0.91288,-0.0315 -1.84149,-0.0629 -2.78584,-0.11013 -3.16358,-0.14166 -6.279938,-0.34626 -9.36482,-0.59809 -0.09444,-0.11013 -0.125915,-0.23608 -0.141654,-0.37774 -0.472175,0.17314 -1.14896,0.0315 -1.573919,0.12586 0.07869,-0.0472 0.141653,-0.0944 0.125914,-0.17313 -1.416528,0.22035 -1.684095,-0.11013 -2.94323,-0.22035 -0.283306,0 -0.550872,0.14165 -0.834177,0.17313 -0.141653,0 -0.283306,-0.0315 -0.424958,-0.0315 -1.432267,-0.59808 -2.864534,-0.40922 -4.469933,-0.42495 -1.589658,-0.15739 -3.195055,-0.31479 -4.784714,-0.47218 -1.259137,-0.11013 -1.747052,-0.50366 -2.628447,-0.75549 z"
+     id="path49"
+     style="fill:#3f2655;fill-opacity:1;stroke-width:1.57392" />
+</svg>
diff --git a/hosts/pbx/services/fieldpoc/mkphonebook.py b/hosts/pbx/services/fieldpoc/mkphonebook.py
index 94221bf..5deff0b 100644
--- a/hosts/pbx/services/fieldpoc/mkphonebook.py
+++ b/hosts/pbx/services/fieldpoc/mkphonebook.py
@@ -35,6 +35,12 @@ def generate_html(extensions):
     <meta charset="UTF-8">
     <meta name="viewport" content="width=device-width, initial-scale=1.0">
     <title>Telefonbuch</title>
+    <link rel="icon" type="image/png" href="/favicon-96x96.png" sizes="96x96" />
+    <link rel="icon" type="image/svg+xml" href="/favicon.svg" />
+    <link rel="shortcut icon" href="/favicon.ico" />
+    <link rel="apple-touch-icon" sizes="180x180" href="/apple-touch-icon.png" />
+    <meta name="apple-mobile-web-app-title" content="Telefonbuch" />
+    <link rel="manifest" href="/site.webmanifest" />
     <style>
         body {
             font-family: system-ui, sans-serif;
diff --git a/hosts/pbx/services/webserver.nix b/hosts/pbx/services/webserver.nix
index 583b446..0e460dc 100644
--- a/hosts/pbx/services/webserver.nix
+++ b/hosts/pbx/services/webserver.nix
@@ -1,6 +1,4 @@
-{config, ...}: let
-  domain = "tel.weinturm.de";
-in {
+{config, ...}: {
   networking.firewall.allowedTCPPorts = [
     config.services.nginx.defaultHTTPListenPort
     config.services.nginx.defaultSSLListenPort
@@ -21,13 +19,5 @@ in {
       add_header X-Content-Type-Options nosniff;
       add_header X-Frame-Options SAMEORIGIN;
     '';
-    virtualHosts = {
-      "${domain}" = {
-        serverAliases = ["tel.weinturm-open-air.de"];
-        enableACME = true;
-        forceSSL = true;
-        root = "/persist/html";
-      };
-    };
   };
 }