diff --git a/hosts/athame/nixos/default.nix b/hosts/athame/nixos/default.nix
index 8d95397b..d603c7eb 100644
--- a/hosts/athame/nixos/default.nix
+++ b/hosts/athame/nixos/default.nix
@@ -30,6 +30,8 @@ with lib;
 ../../../services/node-exporter.nix
 ../../../services/promtail.nix
 ../../../services/netdata.nix
+ ../../../services/znc.nix
+ ../../../services/asterisk.nix
 ];
 boot.loader.grub.enable = true;
diff --git a/services/asterisk.nix b/services/asterisk.nix
new file mode 100644
index 00000000..1ed902c4
--- /dev/null
+++ b/services/asterisk.nix
@@ -0,0 +1,57 @@
+
+{ config, lib, pkgs, tf, ... }:
+
+with lib;
+
+{
+ katnet.public.tcp.ports = [ 5160 5060 ];
+ katnet.public.udp.ports = [ 5160 5060 ];
+
+ katnet.public.tcp.ranges = [{
+ from = 10000;
+ to = 20000;
+ }];
+
+ katnet.public.udp.ranges = [{
+ from = 10000;
+ to = 20000;
+ }];
+
+ services.fail2ban.jails = {
+ asterisk = ''
+ enabled = true
+ filter = asterisk
+ action = nftables-allports
+ logpath = /var/log/asterisk/messages
+ maxretry = 4
+ '';
+ };
+
+ environment.systemPackages = with pkgs; [ asterisk ];
+
+ users.groups.asterisk = {
+ name = "asterisk";
+ };
+
+ users.users.asterisk = {
+ name = "asterisk";
+ group = "asterisk";
+ home = "/var/lib/asterisk";
+ isSystemUser = true;
+ };
+
+ systemd.services.asterisk = {
+ description = "Asterisk PBX Server";
+
+ wantedBy = [ "multi-user.target" ];
+
+ restartIfChanged = false;
+
+ serviceConfig = {
+ ExecStart = "${pkgs.asterisk}/bin/asterisk -U asterisk -C /etc/asterisk/asterisk.conf -F";
+ ExecReload = "${pkgs.asterisk}/bin/asterisk -x 'core reload'";
+ Type = "forking";
+ PIDFile = "/run/asterisk/asterisk.pid";
+ };
+ };
+}
diff --git a/services/znc.nix b/services/znc.nix
new file mode 100644
index 00000000..56edd21c
--- /dev/null
+++ b/services/znc.nix
@@ -0,0 +1,10 @@
+{ config, ... }:
+
+{
+ services.znc = {
+ enable = true;
+ mutable = false;
+ useLegacyConfig = false;
+ openFirewall = false;
+ };
+}
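Review bot: `katnet.public.tcp.ranges` opens TCP 10000–20000 on the public side, but that range is normally needed only for RTP media, which runs over UDP. Unless the Asterisk configuration (not part of this diff) listens on TCP there, drop the TCP range and keep only `katnet.public.udp.ranges`. With SIP on 5060/5160 reachable from the internet, the fail2ban jail is the main brake on credential guessing, and it only works if Asterisk writes authentication failures to `/var/log/asterisk/messages` in a form the `asterisk` filter matches; that is set in the logger configuration outside this file and deserves a comment next to `logpath`. The unit also relies on state this file does not declare: `/etc/asterisk/asterisk.conf`, the `/run/asterisk` directory for `PIDFile`, and the `/var/lib/asterisk` home, which is not created by the user definition as written. The daemon starts as root and drops to `asterisk` via `-U` with no systemd sandboxing, so consider the upstream `services.asterisk` module or state explicitly where those paths come from.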
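Review bot: Nothing in `services/znc.nix` defines listeners or users, and with `mutable = false` and `useLegacyConfig = false` the upstream module renders znc.conf from `services.znc.config`, which is not set here. It presumably comes from another module, so a comment such as `# listeners and users are defined in <path-to-module>` would tell the reader where to look. If user password hashes are passed inline through `services.znc.config` they end up in the world-readable Nix store; confirm they are supplied through a secrets mechanism instead. The `config` argument in `{ config, ... }:` is unused in this file.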