nixos/modules/services/misc/siproxd.nix at 23.11-pre · pyrox.dev/nixpkgs

pyrox.dev / nixpkgs
lol
nixpkgs / nixos / modules / services / misc / siproxd.nix
at 23.11-pre 4.7 kB view raw
  1{ config, lib, pkgs, ... }:
  2
  3with lib;
  4
  5let
  6
  7  cfg = config.services.siproxd;
  8
  9  conf = ''
 10    daemonize = 0
 11    rtp_proxy_enable = 1
 12    user = siproxd
 13    if_inbound  = ${cfg.ifInbound}
 14    if_outbound = ${cfg.ifOutbound}
 15    sip_listen_port = ${toString cfg.sipListenPort}
 16    rtp_port_low    = ${toString cfg.rtpPortLow}
 17    rtp_port_high   = ${toString cfg.rtpPortHigh}
 18    rtp_dscp        = ${toString cfg.rtpDscp}
 19    sip_dscp        = ${toString cfg.sipDscp}
 20    ${optionalString (cfg.hostsAllowReg != []) "hosts_allow_reg = ${concatStringsSep "," cfg.hostsAllowReg}"}
 21    ${optionalString (cfg.hostsAllowSip != []) "hosts_allow_sip = ${concatStringsSep "," cfg.hostsAllowSip}"}
 22    ${optionalString (cfg.hostsDenySip != []) "hosts_deny_sip  = ${concatStringsSep "," cfg.hostsDenySip}"}
 23    ${optionalString (cfg.passwordFile != "") "proxy_auth_pwfile = ${cfg.passwordFile}"}
 24    ${cfg.extraConfig}
 25  '';
 26
 27  confFile = builtins.toFile "siproxd.conf" conf;
 28
 29in
 30{
 31  ##### interface
 32
 33  options = {
 34
 35    services.siproxd = {
 36
 37      enable = mkOption {
 38        type = types.bool;
 39        default = false;
 40        description = lib.mdDoc ''
 41          Whether to enable the Siproxd SIP
 42          proxy/masquerading daemon.
 43        '';
 44      };
 45
 46      ifInbound = mkOption {
 47        type = types.str;
 48        example = "eth0";
 49        description = lib.mdDoc "Local network interface";
 50      };
 51
 52      ifOutbound = mkOption {
 53        type = types.str;
 54        example = "ppp0";
 55        description = lib.mdDoc "Public network interface";
 56      };
 57
 58      hostsAllowReg = mkOption {
 59        type = types.listOf types.str;
 60        default = [ ];
 61        example = [ "192.168.1.0/24" "192.168.2.0/24" ];
 62        description = lib.mdDoc ''
 63          Access control list for incoming SIP registrations.
 64        '';
 65      };
 66
 67      hostsAllowSip = mkOption {
 68        type = types.listOf types.str;
 69        default = [ ];
 70        example = [ "123.45.0.0/16" "123.46.0.0/16" ];
 71        description = lib.mdDoc ''
 72          Access control list for incoming SIP traffic.
 73        '';
 74      };
 75
 76      hostsDenySip = mkOption {
 77        type = types.listOf types.str;
 78        default = [ ];
 79        example = [ "10.0.0.0/8" "11.0.0.0/8" ];
 80        description = lib.mdDoc ''
 81          Access control list for denying incoming
 82          SIP registrations and traffic.
 83        '';
 84      };
 85
 86      sipListenPort = mkOption {
 87        type = types.int;
 88        default = 5060;
 89        description = lib.mdDoc ''
 90          Port to listen for incoming SIP messages.
 91        '';
 92      };
 93
 94      rtpPortLow = mkOption {
 95        type = types.int;
 96        default = 7070;
 97        description = lib.mdDoc ''
 98         Bottom of UDP port range for incoming and outgoing RTP traffic
 99        '';
100      };
101
102      rtpPortHigh = mkOption {
103        type = types.int;
104        default = 7089;
105        description = lib.mdDoc ''
106         Top of UDP port range for incoming and outgoing RTP traffic
107        '';
108      };
109
110      rtpTimeout = mkOption {
111        type = types.int;
112        default = 300;
113        description = lib.mdDoc ''
114          Timeout for an RTP stream. If for the specified
115          number of seconds no data is relayed on an active
116          stream, it is considered dead and will be killed.
117        '';
118      };
119
120      rtpDscp = mkOption {
121        type = types.int;
122        default = 46;
123        description = lib.mdDoc ''
124          DSCP (differentiated services) value to be assigned
125          to RTP packets. Allows QOS aware routers to handle
126          different types traffic with different priorities.
127        '';
128      };
129
130      sipDscp = mkOption {
131        type = types.int;
132        default = 0;
133        description = lib.mdDoc ''
134          DSCP (differentiated services) value to be assigned
135          to SIP packets. Allows QOS aware routers to handle
136          different types traffic with different priorities.
137        '';
138      };
139
140      passwordFile = mkOption {
141        type = types.str;
142        default = "";
143        description = lib.mdDoc ''
144          Path to per-user password file.
145        '';
146      };
147
148      extraConfig = mkOption {
149        type = types.lines;
150        default = "";
151        description = lib.mdDoc ''
152          Extra configuration to add to siproxd configuration.
153        '';
154      };
155
156    };
157
158  };
159
160  ##### implementation
161
162  config = mkIf cfg.enable {
163
164    users.users.siproxyd = {
165      uid = config.ids.uids.siproxd;
166    };
167
168    systemd.services.siproxd = {
169      description = "SIP proxy/masquerading daemon";
170      wantedBy = [ "multi-user.target" ];
171      after = [ "network.target" ];
172      serviceConfig = {
173        ExecStart = "${pkgs.siproxd}/sbin/siproxd -c ${confFile}";
174      };
175    };
176
177  };
178
179}