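# NixOS module for siproxd, a SIP proxy/masquerading daemon.
#
# Renders siproxd.conf from the services.siproxd.* options, declares the
# account named on the file's `user =` line, and starts the daemon from a
# systemd unit.
{
  config,
  lib,
  pkgs,
  ...
}:
let

  cfg = config.services.siproxd;

  # Text of siproxd.conf. The hosts_* and proxy_auth_pwfile lines are written
  # only when the matching option is non-empty.
  # NOTE(review): with the default empty lists no hosts_* line is emitted at
  # all; confirm in siproxd's documentation what it accepts in that case, and
  # set hostsAllowReg to the internal networks explicitly.
  # NOTE(review): rtp_timeout was declared as an option but never written to
  # the file. It is emitted now; a configuration that already sets it through
  # extraConfig will carry the key twice - confirm how siproxd resolves that.
  conf = ''
    daemonize = 0
    rtp_proxy_enable = 1
    user = siproxd
    if_inbound = ${cfg.ifInbound}
    if_outbound = ${cfg.ifOutbound}
    sip_listen_port = ${toString cfg.sipListenPort}
    rtp_port_low = ${toString cfg.rtpPortLow}
    rtp_port_high = ${toString cfg.rtpPortHigh}
    rtp_timeout = ${toString cfg.rtpTimeout}
    rtp_dscp = ${toString cfg.rtpDscp}
    sip_dscp = ${toString cfg.sipDscp}
    ${lib.optionalString (
      cfg.hostsAllowReg != [ ]
    ) "hosts_allow_reg = ${lib.concatStringsSep "," cfg.hostsAllowReg}"}
    ${lib.optionalString (
      cfg.hostsAllowSip != [ ]
    ) "hosts_allow_sip = ${lib.concatStringsSep "," cfg.hostsAllowSip}"}
    ${lib.optionalString (
      cfg.hostsDenySip != [ ]
    ) "hosts_deny_sip = ${lib.concatStringsSep "," cfg.hostsDenySip}"}
    ${lib.optionalString (cfg.passwordFile != "") "proxy_auth_pwfile = ${cfg.passwordFile}"}
    ${cfg.extraConfig}
  '';

  # The rendered file is placed in the Nix store, which every local user can
  # read. Keep credentials out of extraConfig; passwordFile is referenced by
  # path only, so the file it names can stay outside the store.
  confFile = builtins.toFile "siproxd.conf" conf;

in
{
  ##### interface

  options = {

    services.siproxd = {

      enable = lib.mkOption {
        type = lib.types.bool;
        default = false;
        description = ''
          Whether to enable the Siproxd SIP
          proxy/masquerading daemon.
        '';
      };

      # No default: both interfaces must be set when the service is enabled.
      ifInbound = lib.mkOption {
        type = lib.types.str;
        example = "eth0";
        description = "Local network interface";
      };

      ifOutbound = lib.mkOption {
        type = lib.types.str;
        example = "ppp0";
        description = "Public network interface";
      };

      # Entries are joined with "," and written as hosts_allow_reg.
      hostsAllowReg = lib.mkOption {
        type = lib.types.listOf lib.types.str;
        default = [ ];
        example = [
          "192.168.1.0/24"
          "192.168.2.0/24"
        ];
        description = ''
          Access control list for incoming SIP registrations.
        '';
      };

      # Entries are joined with "," and written as hosts_allow_sip.
      hostsAllowSip = lib.mkOption {
        type = lib.types.listOf lib.types.str;
        default = [ ];
        example = [
          "123.45.0.0/16"
          "123.46.0.0/16"
        ];
        description = ''
          Access control list for incoming SIP traffic.
        '';
      };

      # Entries are joined with "," and written as hosts_deny_sip.
      hostsDenySip = lib.mkOption {
        type = lib.types.listOf lib.types.str;
        default = [ ];
        example = [
          "10.0.0.0/8"
          "11.0.0.0/8"
        ];
        description = ''
          Access control list for denying incoming
          SIP registrations and traffic.
        '';
      };

      # NOTE(review): the port and DSCP options are plain ints, so values
      # outside the valid range are not rejected at evaluation time.
      sipListenPort = lib.mkOption {
        type = lib.types.int;
        default = 5060;
        description = ''
          Port to listen for incoming SIP messages.
        '';
      };

      rtpPortLow = lib.mkOption {
        type = lib.types.int;
        default = 7070;
        description = ''
          Bottom of UDP port range for incoming and outgoing RTP traffic
        '';
      };

      rtpPortHigh = lib.mkOption {
        type = lib.types.int;
        default = 7089;
        description = ''
          Top of UDP port range for incoming and outgoing RTP traffic
        '';
      };

      rtpTimeout = lib.mkOption {
        type = lib.types.int;
        default = 300;
        description = ''
          Timeout for an RTP stream. If for the specified
          number of seconds no data is relayed on an active
          stream, it is considered dead and will be killed.
        '';
      };

      rtpDscp = lib.mkOption {
        type = lib.types.int;
        default = 46;
        description = ''
          DSCP (differentiated services) value to be assigned
          to RTP packets. Allows QOS aware routers to handle
          different types traffic with different priorities.
        '';
      };

      sipDscp = lib.mkOption {
        type = lib.types.int;
        default = 0;
        description = ''
          DSCP (differentiated services) value to be assigned
          to SIP packets. Allows QOS aware routers to handle
          different types traffic with different priorities.
        '';
      };

      # Written as proxy_auth_pwfile when non-empty. Point it at a file outside
      # the Nix store with restrictive permissions.
      passwordFile = lib.mkOption {
        type = lib.types.str;
        default = "";
        description = ''
          Path to per-user password file.
        '';
      };

      # Appended verbatim to the end of the rendered file.
      extraConfig = lib.mkOption {
        type = lib.types.lines;
        default = "";
        description = ''
          Extra configuration to add to siproxd configuration.
        '';
      };

    };

  };

  ##### implementation

  config = lib.mkIf cfg.enable {

    # The account name has to match the `user = siproxd` line in conf. It was
    # previously declared as "siproxyd", so the account the daemon is told to
    # switch to was never created.
    users.users.siproxd = {
      uid = config.ids.uids.siproxd;
      isSystemUser = true;
      # NixOS no longer falls back to "nogroup"; a primary group must be named.
      group = "siproxd";
    };

    users.groups.siproxd = { };

    # The unit sets no User=, so systemd starts the process as root and the
    # change of account is left to siproxd's own `user` setting.
    # NOTE(review): no systemd sandboxing options are set on this unit.
    systemd.services.siproxd = {
      description = "SIP proxy/masquerading daemon";
      wantedBy = [ "multi-user.target" ];
      after = [ "network.target" ];
      serviceConfig = {
        ExecStart = "${pkgs.siproxd}/sbin/siproxd -c ${confFile}";
      };
    };

  };

}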