weinturm-infra/hosts/pbx/services/fieldpoc.nix

# NixOS module for the fieldpoc telephony stack on this host. It declares the
# sops-managed credentials, the per-interface firewall openings, the persisted
# state directories, and the yate / dnscache / fieldpoc service settings.
{config, ...}: let
  # Address handed to fieldpoc as the OMM endpoint; the same value is pinned to
  # rfp-01 in the DHCP reservations below.
  ommIp = "192.168.98.11";

  # Single definition of the RTP media port range. It feeds both yate's
  # yrtpchan limits and the firewall rules, so the two cannot drift apart.
  rtpPorts = {
    from = 11000;
    to = 11250;
  };

  # The RTP range in the { from; to; } shape the firewall option expects.
  rtpRange = {inherit (rtpPorts) from to;};

  # Both fieldpoc credentials come from the same sops file and are owned by the
  # fieldpoc user. No mode is set here, so the sops-nix default applies.
  fieldpocSecret = {
    sopsFile = ../secrets.yaml;
    owner = "fieldpoc";
  };

  # Builds one static DHCP reservation entry.
  reserve = name: macAddress: ipAddress: {inherit name macAddress ipAddress;};
in {
  sops.secrets = {
    "fieldpoc/omm" = fieldpocSecret;
    "fieldpoc/sip" = fieldpocSecret;
  };

  networking.firewall.interfaces = {
    # voice: 53/udp (the dnscache resolver enabled below), 5060/udp (the
    # standard SIP port) and the RTP media range.
    # NOTE(review): DHCP is served on this interface (services.fieldpoc.dhcp)
    # but 67/udp is not listed here; presumably the fieldpoc module opens it.
    # Confirm.
    voice = {
      allowedUDPPorts = [53 5060];
      allowedUDPPortRanges = [rtpRange];
    };

    # jugendtreff: RTP media only; neither 53/udp nor 5060/udp is opened here.
    # NOTE(review): confirm that media without signalling on this interface is
    # the intended exposure.
    jugendtreff.allowedUDPPortRanges = [rtpRange];
  };

  # State kept under /persist. The fieldpoc directory is owner-only; the
  # PostgreSQL directory is additionally group-readable, with no world access.
  environment.persistence."/persist".directories = [
    {
      directory = "/var/lib/fieldpoc";
      user = "fieldpoc";
      group = "fieldpoc";
      mode = "u=rwx,g=,o=";
    }
    {
      directory = "/var/lib/postgresql";
      user = "postgres";
      group = "postgres";
      mode = "u=rwx,g=rx,o=";
    }
  ];

  services = {
    # Keep yate's RTP allocation inside the range the firewall admits.
    yate.config.yrtpchan.general = {
      minport = rtpPorts.from;
      maxport = rtpPorts.to;
    };

    # Resolver accepts queries only from the 192.168.98 prefix, which matches
    # the voice DHCP subnet configured below.
    dnscache = {
      enable = true;
      clientIps = ["192.168.98"];
    };

    fieldpoc = {
      enable = true;
      inherit ommIp;
      ommUser = "omm";
      # Credentials are passed as paths to the sops-managed files, so no
      # secret value is written into this configuration.
      ommPasswordPath = config.sops.secrets."fieldpoc/omm".path;
      sipsecretPath = config.sops.secrets."fieldpoc/sip".path;

      dhcp = {
        enable = true;
        interface = "voice";
        subnet = "192.168.98.0/24";
        # The dynamic pool (.100 to .250) does not overlap the static
        # reservations (.11 to .15).
        pool = "192.168.98.100 - 192.168.98.250";
        router = "192.168.98.1";
        dnsServers = "192.168.98.1";
        omm = ommIp;
        # Fixed leases keyed by MAC address; rfp-01 receives the OMM address.
        reservations = [
          (reserve "rfp-01" "00:30:42:1b:23:ed" ommIp)
          (reserve "rfp-02" "00:30:42:1b:21:c1" "192.168.98.12")
          (reserve "rfp-03" "00:30:42:1b:26:f6" "192.168.98.13")
          (reserve "rfp-04" "00:30:42:1b:22:3b" "192.168.98.14")
          (reserve "rfp-05" "00:30:42:1b:22:7c" "192.168.98.15")
        ];
      };
    };
  };
}