nixos/modules/services/misc/siproxd.nix at 17.09-beta · pyrox.dev/nixpkgs

pyrox.dev / nixpkgs
lol
nixpkgs / nixos / modules / services / misc / siproxd.nix
at 17.09-beta 4.6 kB view raw
  1{ config, lib, pkgs, ... }:
  2
  3with lib;
  4
  5let
  6
  7  cfg = config.services.siproxd;
  8
  9  conf = ''
 10    daemonize = 0
 11    rtp_proxy_enable = 1
 12    user = siproxd
 13    if_inbound  = ${cfg.ifInbound}
 14    if_outbound = ${cfg.ifOutbound}
 15    sip_listen_port = ${toString cfg.sipListenPort}
 16    rtp_port_low    = ${toString cfg.rtpPortLow}
 17    rtp_port_high   = ${toString cfg.rtpPortHigh}
 18    rtp_dscp        = ${toString cfg.rtpDscp}
 19    sip_dscp        = ${toString cfg.sipDscp}
 20    ${optionalString (cfg.hostsAllowReg != []) "hosts_allow_reg = ${concatStringsSep "," cfg.hostsAllowReg}"}
 21    ${optionalString (cfg.hostsAllowSip != []) "hosts_allow_sip = ${concatStringsSep "," cfg.hostsAllowSip}"}
 22    ${optionalString (cfg.hostsDenySip != []) "hosts_deny_sip  = ${concatStringsSep "," cfg.hostsDenySip}"}
 23    ${if (cfg.passwordFile != "") then "proxy_auth_pwfile = ${cfg.passwordFile}" else ""}
 24    ${cfg.extraConfig}
 25  '';
 26
 27  confFile = builtins.toFile "siproxd.conf" conf;
 28
 29in
 30{
 31  ##### interface
 32
 33  options = {
 34
 35    services.siproxd = {
 36
 37      enable = mkOption {
 38        type = types.bool;
 39        default = false;
 40        description = ''
 41          Whether to enable the Siproxd SIP 
 42	  proxy/masquerading daemon.
 43        '';
 44      };
 45
 46      ifInbound = mkOption {
 47        type = types.str;
 48        example = "eth0";
 49        description = "Local network interface";
 50      };
 51
 52      ifOutbound = mkOption {
 53        type = types.str;
 54        example = "ppp0";
 55        description = "Public network interface";
 56      };
 57
 58      hostsAllowReg = mkOption {
 59        type = types.listOf types.str;
 60	default = [ ];
 61        example = [ "192.168.1.0/24" "192.168.2.0/24" ];
 62	description = ''
 63          Acess control list for incoming SIP registrations.
 64        '';
 65      };
 66
 67      hostsAllowSip = mkOption {
 68        type = types.listOf types.str;
 69	default = [ ];
 70        example = [ "123.45.0.0/16" "123.46.0.0/16" ];
 71	description = ''
 72          Acess control list for incoming SIP traffic.
 73        '';
 74      };
 75
 76      hostsDenySip = mkOption {
 77        type = types.listOf types.str;
 78	default = [ ];
 79        example = [ "10.0.0.0/8" "11.0.0.0/8" ];
 80	description = ''
 81          Acess control list for denying incoming
 82	   SIP registrations and traffic.
 83        '';
 84      };
 85
 86      sipListenPort = mkOption {
 87        type = types.int;
 88        default = 5060;
 89        description = ''
 90	  Port to listen for incoming SIP messages.
 91        '';
 92      };
 93
 94      rtpPortLow = mkOption {
 95        type = types.int;
 96        default = 7070;
 97        description = ''
 98         Bottom of UDP port range for incoming and outgoing RTP traffic
 99        '';
100      };
101
102      rtpPortHigh = mkOption {
103        type = types.int;
104        default = 7089;
105        description = ''
106         Top of UDP port range for incoming and outgoing RTP traffic
107        '';
108      };
109
110      rtpTimeout = mkOption {
111        type = types.int;
112        default = 300;
113        description = ''
114          Timeout for an RTP stream. If for the specified 
115          number of seconds no data is relayed on an active
116          stream, it is considered dead and will be killed.
117        '';
118      };
119
120      rtpDscp = mkOption {
121        type = types.int;
122        default = 46;
123        description = ''
124          DSCP (differentiated services) value to be assigned
125          to RTP packets. Allows QOS aware routers to handle 
126          different types traffic with different priorities.
127        '';
128      };
129
130      sipDscp = mkOption {
131        type = types.int;
132        default = 0;
133        description = ''
134          DSCP (differentiated services) value to be assigned
135          to SIP packets. Allows QOS aware routers to handle 
136          different types traffic with different priorities.
137        '';
138      };
139
140      passwordFile = mkOption {
141        type = types.str;
142        default = "";
143        description = ''
144          Path to per-user password file.
145        '';
146      };
147
148      extraConfig = mkOption {
149        type = types.lines;
150        default = "";
151        description = ''
152          Extra configuration to add to siproxd configuration.
153        '';
154      };
155
156    };
157
158  };
159
160  ##### implementation
161
162  config = mkIf cfg.enable {
163
164    users.extraUsers = singleton {
165      name = "siproxyd";
166      uid = config.ids.uids.siproxd;
167    };
168
169    systemd.services.siproxd = {
170      description = "SIP proxy/masquerading daemon";
171      wantedBy = [ "multi-user.target" ];
172      after = [ "network.target" ];
173      serviceConfig = {
174        ExecStart = "${pkgs.siproxd}/sbin/siproxd -c ${confFile}";
175      };
176    };
177
178  };
179
180}