From 1cfac7b8a6d0ec71dc3faf3852261e377b474bcd Mon Sep 17 00:00:00 2001 From: kurogeek Date: Wed, 29 Oct 2025 15:57:02 +0700 Subject: [PATCH] mob next [ci-skip] [ci skip] [skip ci] lastFile:modules/clan/phonebox/default.nix --- modules/clan/phonebox/default.nix | 421 +++++++++++++++--------------- 1 file changed, 214 insertions(+), 207 deletions(-) diff --git a/modules/clan/phonebox/default.nix b/modules/clan/phonebox/default.nix index 0c64014..455fe44 100644 --- a/modules/clan/phonebox/default.nix +++ b/modules/clan/phonebox/default.nix @@ -6,233 +6,240 @@ manifest.categories = [ "System" ]; roles.default = { - perInstance.nixosModule = + perInstance = { - lib, - config, - ... + instanceName, + roles, }: - let - user = "asterisk"; - ata-interface = ""; - rtpPortFrom = 10000; - rtpPortTo = 20000; - - genServerSIPEndpoint = - { hostname, address }: - '' - [${hostname}](internal_endpoint) - aors=${hostname} - - [${hostname}](ip_auth) - endpoint=${hostname} - match=[${address}] - - [${hostname}](dynamiic_aor) - contact=sip:[${address}] - ''; - - genLocalSIPEndpoint = - { localNumber }: - '' - [${localNumber}](internal_endpoint) - aors=${localNumber} - auth=${localNumber} - - [${localNumber}](userpass_auth) - username=${localNumber} - password=ENV(SIP_PASSWORD) - - [${localNumber}](dynamiic_aor) - max_contacts=1 - ''; - - genLocalExtenConf = - { localNumber }: - '' - exten => ${localNumber},1,Dial(PJSIP/${localNumber},20) - ''; - genExtentConf = - { prefixNumber, hostname }: - '' - exten => _${prefixNumber}XXX,1,Dial(PJSIP/$${EXTEN:1}@${hostname},30) - ''; - - in { - clan.core.vars.generators.phonebox = { - files = { - server-prefix-number.secret = false; - ata-local-number.secret = false; - ata-password = { - owner = user; - group = user; - secret = true; + nixosModule = + { + lib, + config, + ... + }: + let + user = "asterisk"; + ata-interface = ""; + rtpPortFrom = 10000; + rtpPortTo = 20000; + + genServerSIPEndpoint = + { hostname, address }: + '' + [${hostname}](internal_endpoint) + aors=${hostname} + + [${hostname}](ip_auth) + endpoint=${hostname} + match=[${address}] + + [${hostname}](dynamiic_aor) + contact=sip:[${address}] + ''; + + genLocalSIPEndpoint = + { localNumber }: + '' + [${localNumber}](internal_endpoint) + aors=${localNumber} + auth=${localNumber} + + [${localNumber}](userpass_auth) + username=${localNumber} + password=ENV(SIP_PASSWORD) + + [${localNumber}](dynamiic_aor) + max_contacts=1 + ''; + + genLocalExtenConf = + { localNumber }: + '' + exten => ${localNumber},1,Dial(PJSIP/${localNumber},20) + ''; + genExtentConf = + { prefixNumber, hostname }: + '' + exten => _${prefixNumber}XXX,1,Dial(PJSIP/$${EXTEN:1}@${hostname},30) + ''; + + in + { + clan.core.vars.generators.phonebox = { + files = { + server-prefix-number.secret = false; + ata-local-number.secret = false; + ata-password = { + owner = user; + group = user; + secret = true; + }; + }; + + prompts = { + server-prefix-number = { + persist = true; + type = "line"; + description = "Server prefix number: the first number of [X000]"; + }; + ata-local-number = { + persist = true; + type = "line"; + description = "Local suffix number: 3 last number of [0XXX]"; + }; + ata-password = { + persist = true; + type = "hidden"; + description = "Password for SIP registration."; + }; + }; + + script = '' + cat $prompts/server-prefix-number > $out/server-prefix-number + cat $prompts/ata-local-number > $out/ata-local-number + cat $prompts/ata-password > $out/ata-password + ''; }; - }; - prompts = { - server-prefix-number = { - persist = true; - type = "line"; - description = "Server prefix number: the first number of [X000]"; + systemd.services.asterisk.serviceConfig = { + LoadCredential = [ + "sip_password_filepath:${config.clan.core.vars.generators.phonebox.files.ata-password.path}" + ]; + + Environment = [ + "SIP_PASSWORD=%d/sip_password_filepath" + ]; }; - ata-local-number = { - persist = true; - type = "line"; - description = "Local suffix number: 3 last number of [0XXX]"; + + networking.interfaces = { + ${ata-interface} = { + useDHCP = false; + ipv4.addresses = [ + { + address = "192.168.254.1"; + prefixLength = 24; + } + ]; + }; }; - ata-password = { - persist = true; - type = "hidden"; - description = "Password for SIP registration."; + + services.dnsmasq = { + enable = true; + + settings = { + bind-interfaces = true; + # enable-ra = true; + domain-needed = true; + domain = "localhost"; + dhcp-range = [ + "192.168.254.100,192.168.254.100,255.255.255.0,24h" + ]; + dhcp-option = [ + "3,192.168.254.1" + ]; + interface = [ ata-interface ]; + }; }; - }; - script = '' - cat $prompts/server-prefix-number > $out/server-prefix-number - cat $prompts/ata-local-number > $out/ata-local-number - cat $prompts/ata-password > $out/ata-password - ''; - }; + services.nginx = { + enable = true; + virtualHosts = { + "_" = { + locations."/" = { + proxyPass = "http://192.168.254.100"; + }; + }; + }; + }; - systemd.services.asterisk.serviceConfig = { - LoadCredential = [ - "sip_password_filepath:${config.clan.core.vars.generators.phonebox.files.ata-password.path}" - ]; - - Environment = [ - "SIP_PASSWORD=%d/sip_password_filepath" - ]; - }; - - networking.interfaces = { - ${ata-interface} = { - useDHCP = false; - ipv4.addresses = [ + networking.firewall.allowedUDPPortRanges = [ { - address = "192.168.254.1"; - prefixLength = 24; + from = rtpPortFrom; + to = rtpPortTo; } ]; - }; - }; - services.dnsmasq = { - enable = true; - - settings = { - bind-interfaces = true; - # enable-ra = true; - domain-needed = true; - domain = "localhost"; - dhcp-range = [ - "192.168.254.100,192.168.254.100,255.255.255.0,24h" + networking.firewall.allowedUDPPorts = [ + 53 + 67 + 5060 ]; - dhcp-option = [ - "3,192.168.254.1" + networking.firewall.allowedTCPPorts = [ + 53 + 80 ]; - interface = [ ata-interface ]; - }; - }; - services.nginx = { - enable = true; - virtualHosts = { - "_" = { - locations."/" = { - proxyPass = "http://192.168.254.100"; + services.asterisk = { + enable = lib.mkDefault true; + confFiles = { + "logger.conf" = '' + [general] + dateformat = %F %T.%3q ; ISO 8601 date format with milliseconds + use_callids = yes + appendhostname = no + queue_log = yes + queue_log_to_file = no + queue_log_name = queue_log + queue_log_realtime_use_gmt = no + rotatestrategy = rotate + exec_after_rotate=gzip -9 $\{filename\}.2 + [logfiles] + console => notice,warning,error + security => security + messages => notice,warning,error + full => notice,warning,error,verbose,dtmf,fax + syslog.local0 => notice,warning,error + ''; + # Dial plan config + "extensions.conf" = '' + [from-internal] + exten => 100,1,Answer() + same => n,Playback(hello-world) + same => n,Hangup() + + ''; + + "rtp.conf" = '' + [general] + rtpstart=${rtpPortFrom} + rtpend=${rtpPortTo} + ''; + + "pjsip.conf" = '' + [transport-udp] + type=transport + protocol=udp + bind=0.0.0.0 + [transport-udp6] + type=transport + protocol=udp + bind=:: + + [base_endpoint](!) + type=endpoint + disallow=all + allow=ulaw,alaw,g722,gsm + direct_media=no + + [internal_endpoint](!,base_endpoint) + context=from-internal + + [userpass_auth](!) + type=auth + auth_type=userpass + + [ip_auth](!) + type=identify + endpoint=external + + [dynamiic_aor](!) + type=aor + + ''; }; }; }; - }; - - networking.firewall.allowedUDPPortRanges = [ - { - from = rtpPortFrom; - to = rtpPortTo; - } - ]; - - networking.firewall.allowedUDPPorts = [ - 53 - 67 - 5060 - ]; - networking.firewall.allowedTCPPorts = [ - 53 - 80 - ]; - - services.asterisk = { - enable = lib.mkDefault true; - confFiles = { - "logger.conf" = '' - [general] - dateformat = %F %T.%3q ; ISO 8601 date format with milliseconds - use_callids = yes - appendhostname = no - queue_log = yes - queue_log_to_file = no - queue_log_name = queue_log - queue_log_realtime_use_gmt = no - rotatestrategy = rotate - exec_after_rotate=gzip -9 $\{filename\}.2 - [logfiles] - console => notice,warning,error - security => security - messages => notice,warning,error - full => notice,warning,error,verbose,dtmf,fax - syslog.local0 => notice,warning,error - ''; - # Dial plan config - "extensions.conf" = '' - [from-internal] - exten => 100,1,Answer() - same => n,Playback(hello-world) - same => n,Hangup() - - ''; - - "rtp.conf" = '' - [general] - rtpstart=${rtpPortFrom} - rtpend=${rtpPortTo} - ''; - - "pjsip.conf" = '' - [transport-udp] - type=transport - protocol=udp - bind=0.0.0.0 - [transport-udp6] - type=transport - protocol=udp - bind=:: - - [base_endpoint](!) - type=endpoint - disallow=all - allow=ulaw,alaw,g722,gsm - direct_media=no - - [internal_endpoint](!,base_endpoint) - context=from-internal - - [userpass_auth](!) - type=auth - auth_type=userpass - - [ip_auth](!) - type=identify - endpoint=external - - [dynamiic_aor](!) - type=aor - - ''; - }; - }; }; }; }