diff --git a/config/hosts/athame/configuration.nix b/config/hosts/athame/configuration.nix
index 351f100c..d67bb8eb 100644
--- a/config/hosts/athame/configuration.nix
+++ b/config/hosts/athame/configuration.nix
@@ -10,6 +10,7 @@
 ./virtualhosts.nix
 # services
 ./mail.nix
+ ./phone.nix
 ./gitea.nix
 ./nextcloud.nix
 ./bitwarden.nix
@@ -33,9 +34,16 @@
 interfaces.enp1s0.useDHCP = true;
 };
- networking.firewall.allowedTCPPorts = [ 80 443 ];
- # networking.firewall.allowedUDPPorts = [ ... ];
-
+ networking.firewall.allowedTCPPorts = [ 80 443 5160 5060 ];
+ networking.firewall.allowedUDPPorts = [ 5160 5060 ];
+ networking.firewall.allowedTCPPortRanges = [{
+ from = 10000;
+ to = 20000;
+ }];
+ networking.firewall.allowedUDPPortRanges = [{
+ from = 10000;
+ to = 20000;
+ }];
 system.stateVersion = "20.09";
 }
diff --git a/config/hosts/athame/phone.nix b/config/hosts/athame/phone.nix
new file mode 100644
index 00000000..1e78659b
--- /dev/null
+++ b/config/hosts/athame/phone.nix
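Review bot: The firewall hunk in configuration.nix opens more TCP than the Asterisk config added in phone.nix listens on: RTP media is UDP-only, so `allowedTCPPortRanges` 10000–20000 exposes any TCP service that later binds in that range, and nothing visible in phone.nix binds TCP 5060 (the only pjsip transport is `protocol=udp`; the chan_sip TCP listener is on 5160). I would reduce the TCP side to `networking.firewall.allowedTCPPorts = [ 80 443 5160 ];` and delete the `allowedTCPPortRanges` block, keeping the UDP entries. phone.nix sets no `rtp.conf`, so it is worth confirming that UDP 10000–20000 matches the RTP range Asterisk actually uses on this host. A short comment such as `# SIP signalling (5060 pjsip, 5160 chan_sip) and RTP media for ./phone.nix` would record why these ports are open; the enclosing attribute set starts and ends outside the hunk.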
@@ -0,0 +1,129 @@
+{ config, pkgs, ... }:
+
+let secrets = (import ../../../secrets.nix);
+in {
+ services.asterisk = {
+ enable = true;
+ confFiles = {
+ "extensions.conf" = ''
+ [outbound]
+ exten => _1NXXNXXXXXX,1,Dial(PJSIP/''${EXTEN}@signalwire)
+
+ [from-signalwire]
+ exten => s,1,Set(numb=''${CUT(CUT(PJSIP_HEADER(read,To),@,1),:,2)})
+ same => n,Goto(''${numb:1},1) ; Using ''${numb:1} simply strips away the first character or number, in this case a‘+’
+ exten => ${secrets.hosts.athame.phone.number},1,Dial(SIP/1337,20)
+
+ [from-internal]
+ exten => _.,1,Set(CALLERID(all)="kat" <+${secrets.hosts.athame.phone.number}>)
+ same => n,Dial(PJSIP/''${EXTEN}@signalwire)
+ same => n(end),Hangup()
+ '';
+ "pjproject.conf" = ''
+ ; Common pjproject options
+ ;
+
+ ;========================LOG_MAPPINGS SECTION OPTIONS===============================
+ ;[log_mappings]
+ ; SYNOPSIS: Provides pjproject to Asterisk log level mappings.
+ ; NOTES: The name of this section in the pjproject.conf configuration file must
+ ; remain log_mappings or the configuration will not be applied.
+ ; The defaults mentioned below only apply if this file or the 'log_mappings'
+ ; object can'tbe found. If the object is found, there are no defaults. If
+ ; you don't specify an entry, nothing will be logged for that level.
+ ;
+ ;asterisk_error = ; A comma separated list of pjproject log levels to map to
+ ; Asterisk errors.
+ ; (default: "0,1")
+ ;asterisk_warning = ; A comma separated list of pjproject log levels to map to
+ ; Asterisk warnings.
+ ; (default: "2")
+ ;asterisk_notice = ; A comma separated list of pjproject log levels to map to
+ ; Asterisk notices.
+ ; (default: "")
+ ;asterisk_verbose = ; A comma separated list of pjproject log levels to map to
+ ; Asterisk verbose.
+ ; (default: "")
+ ;asterisk_debug = ; A comma separated list of pjproject log levels to map to
+ ; Asterisk debug
+ ; (default: "3,4,5")
+ ;type= ; Must be of type log_mappings (default: "")
+
+ '';
+ "sip.conf" = ''
+ [general]
+ ;; Only uncomment this if you want to connect to a different SIP server and receive calls from it
+ context=public
+ allowguest=no
+ udpbindaddr=0.0.0.0:5160
+ tcpbindaddr=0.0.0.0:5160
+ tcpenable=yes
+ transport=udp,tcp
+ disallow=all
+ allow=speex32
+ allow=g722
+ allow=ulaw
+ allow=alaw
+ allow=gsm
+ allow=g726
+
+ [1337]
+ type=friend
+ context=from-internal
+ host=dynamic
+ secret=${secrets.hosts.athame.phone.password}
+ nat=force_rport,comedia
+ '';
+ "pjsip.conf" = ''
+ [transport-udp]
+ type=transport
+ protocol=udp
+ bind=0.0.0.0
+
+ [signalwire]
+ type=auth
+ auth_type=userpass
+ username=asterisk ; Your username
+ password=${secrets.hosts.athame.phone.endpoint.password}
+
+ [signalwire]
+ type=aor
+ contact=sip:${secrets.hosts.athame.phone.endpoint.url}
+
+ [signalwire]
+ type=endpoint
+ transport=transport-udp
+ outbound_auth=signalwire ; Note that there is only an outbound_auth, as we do not challenge when a call arrives inbound
+ aors=signalwire
+ disallow=all
+ allow=speex32
+ allow=g722
+ allow=ulaw
+ allow=alaw
+ allow=gsm
+ allow=g726
+ from_user=asterisk
+ from_domain=${secrets.hosts.athame.phone.endpoint.url}
+ media_encryption=sdes ; Note that we are using encryption
+ context=from-signalwire
+
+ [signalwire]
+ type=registration
+ server_uri=sip:${secrets.hosts.athame.phone.endpoint.url}
+ client_uri=sip:asterisk@${secrets.hosts.athame.phone.endpoint.url}; Your full SIP URI
+ outbound_auth=signalwire
+
+ [signalwire]
+ type=identify
+ endpoint=signalwire
+ match=${secrets.hosts.athame.phone.endpoint.url}
+ '';
+ "logger.conf" = ''
+ [general]
+ [logfiles]
+ ; Add debug output to log
+ syslog.local0 => notice,warning,error,debug
+ '';
+ };
+ };
+}
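Review bot: In `extensions.conf`, `[from-internal]` matches `_.`, so anything the SIP peer `1337` dials is sent out through the SignalWire trunk, while the restricted `_1NXXNXXXXXX` pattern sits in `[outbound]`, which no context in the visible config references; with 5160 reachable and the peer being `host=dynamic` behind a single password, one compromised credential allows unrestricted billable calls. I would put the restriction where the peer lands, `exten => _1NXXNXXXXXX,1,Set(CALLERID(all)=...)` in `[from-internal]`, and add `permit`/`deny` lines on `[1337]` if the client addresses are known. The `secret=` and `password=` values are interpolated into `confFiles` at evaluation time, so both passwords end up in the world-readable Nix store; pulling them in with an `#include` of a root-owned file outside the store would avoid that. The comment on `media_encryption=sdes` overstates the protection, since the only transport is `protocol=udp` and SDES keys travel in the cleartext SDP, so a TLS transport is needed for the keys to stay private.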
diff --git a/config/users/kat/desktop.nix b/config/users/kat/desktop.nix
index 14e21da8..5618b3e7 100644
--- a/config/users/kat/desktop.nix
+++ b/config/users/kat/desktop.nix
@@ -36,6 +36,7 @@ in {
 transmission-gtk
 jdk11
 lm_sensors
+ baresip
 psmisc
 unstable.discord
 tdesktop
diff --git a/modules/default.nix b/modules/default.nix
index c15550ae..b2753026 100644
--- a/modules/default.nix
+++ b/modules/default.nix
@@ -1,5 +1,4 @@
 { ... }:
-{
- imports = [ ./deploy ];
-}
+let sources = import ../nix/sources.nix;
+in { imports = [ ./deploy ]; }
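Review bot: The new `sources` binding in modules/default.nix is never referenced: the body is still `{ imports = [ ./deploy ]; }`, so the `let` only adds a dangling import of `../nix/sources.nix`. Either drop it until a module actually consumes the pinned sources, or keep it with a comment that says what it is staged for, e.g. `# pinned sources for modules imported below`. Leaving unused pins in the module entry point makes it harder to see which inputs the deployed configuration really depends on.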