From 056f125cc02e1adad4680e38e3e1518e9b2592e6 Mon Sep 17 00:00:00 2001
From: Correl Roush <correlr@aweber.com>
Date: Sun, 24 Nov 2024 20:06:18 -0500
Subject: [PATCH] Add asterisk configuration

---
 asterisk.yml                                |   5 +
 inventory.yml                               |   1 +
 roles/asterisk/handlers/main.yml            |   2 +
 roles/asterisk/tasks/main.yml               |  13 +++
 roles/asterisk/templates/extensions.conf.j2 |  15 +++
 roles/asterisk/templates/pjsip.conf.j2      |  85 ++++++++++++++
 roles/asterisk/templates/sip.conf.j2        | 120 ++++++++++++++++++++
 7 files changed, 241 insertions(+)
 create mode 100644 asterisk.yml
 create mode 100644 roles/asterisk/handlers/main.yml
 create mode 100644 roles/asterisk/tasks/main.yml
 create mode 100644 roles/asterisk/templates/extensions.conf.j2
 create mode 100644 roles/asterisk/templates/pjsip.conf.j2
 create mode 100644 roles/asterisk/templates/sip.conf.j2

diff --git a/asterisk.yml b/asterisk.yml
new file mode 100644
index 0000000..e34faf8
--- /dev/null
+++ b/asterisk.yml
@@ -0,0 +1,5 @@
+- name: Manage asterisk server
+  hosts: asterisk
+  become: true
+  roles:
+    - asterisk
diff --git a/inventory.yml b/inventory.yml
index b041872..9d3371d 100644
--- a/inventory.yml
+++ b/inventory.yml
@@ -27,6 +27,7 @@ proxmox:
       ansible_host: 192.168.1.14
     asterisk:
       ansible_host: 192.168.1.21
+      ansible_user: root
     heimdall:
       ansible_host: heimdall-dashboard.sailmaker.fenix.lgbt
 
diff --git a/roles/asterisk/handlers/main.yml b/roles/asterisk/handlers/main.yml
new file mode 100644
index 0000000..7699788
--- /dev/null
+++ b/roles/asterisk/handlers/main.yml
@@ -0,0 +1,2 @@
+- name: reload dialplan
+  command: asterisk -rx 'dialplan reload'
diff --git a/roles/asterisk/tasks/main.yml b/roles/asterisk/tasks/main.yml
new file mode 100644
index 0000000..315a346
--- /dev/null
+++ b/roles/asterisk/tasks/main.yml
@@ -0,0 +1,13 @@
+- name: Configure extensions
+  template:
+    src: extensions.conf.j2
+    dest: /etc/asterisk/extensions.conf
+  notify: reload dialplan
+- name: Configure SIP devices
+  template:
+    src: sip.conf.j2
+    dest: /etc/asterisk/sip.conf
+- name: Configure SIP clients
+  template:
+    src: pjsip.conf.j2
+    dest: /etc/asterisk/pjsip.conf
diff --git a/roles/asterisk/templates/extensions.conf.j2 b/roles/asterisk/templates/extensions.conf.j2
new file mode 100644
index 0000000..6693816
--- /dev/null
+++ b/roles/asterisk/templates/extensions.conf.j2
@@ -0,0 +1,15 @@
+[from-internal]
+exten => 700,1,Answer()
+    same = n,Wait(1)
+    same = n,Playback(hello-world)
+    same = n,Wait(1)
+    same = n,Playback(tt-monkeys)
+    same = n,Hangup()
+
+; 3-digit extensions dial their associated devices
+exten => _XXX,1,Dial(PJSIP/${EXTEN})
+    same = n,Hangup()
+
+; 7+ digit calls are routed outside via the PSTN
+exten => _NXXXXXX.,1,Dial(PJSIP/pstn/${EXTEN})
+    same = n,Hangup()
diff --git a/roles/asterisk/templates/pjsip.conf.j2 b/roles/asterisk/templates/pjsip.conf.j2
new file mode 100644
index 0000000..f058f2b
--- /dev/null
+++ b/roles/asterisk/templates/pjsip.conf.j2
@@ -0,0 +1,85 @@
+[transport-udp]
+type=transport
+protocol=udp
+bind=0.0.0.0
+
+[transport-tcp]
+type=transport
+protocol=tcp
+bind=0.0.0.0
+
+[100]
+type=endpoint
+context=from-internal
+disallow=all
+allow=ulaw
+auth=100
+aors=100
+
+[100]
+type=auth
+auth_type=userpass
+password=mJzTGkXdh02OVXGOaxcH8V3To
+username=100
+
+[100]
+type=aor
+max_contacts=1
+; Remove existing registrations when registering. The cisco seems to
+; reregister using different ports, which leaves it hanging without
+; this set.
+remove_existing=yes
+
+[101]
+type=endpoint
+context=from-internal
+disallow=all
+allow=ulaw
+auth=101
+aors=101
+
+[101]
+type=auth
+auth_type=userpass
+password=5KVzU5Ez77lIIv4SAyzDOnMWo
+username=101
+
+[101]
+type=aor
+max_contacts=1
+
+[102]
+type=endpoint
+context=from-internal
+disallow=all
+allow=ulaw
+auth=102
+aors=102
+
+[102]
+type=auth
+auth_type=userpass
+password=mpHoQ29k2AiH4EN7IXL9vnE9j
+username=102
+
+[102]
+type=aor
+max_contacts=1
+
+[pstn]
+type=endpoint
+context=from-internal
+disallow=all
+allow=ulaw
+auth=pstn
+aors=pstn
+
+[pstn]
+type=auth
+auth_type=userpass
+password=wiUxqCvXIPPGexXj3y0htFRho
+username=pstn
+
+[pstn]
+type=aor
+max_contacts=1
diff --git a/roles/asterisk/templates/sip.conf.j2 b/roles/asterisk/templates/sip.conf.j2
new file mode 100644
index 0000000..cfa3c31
--- /dev/null
+++ b/roles/asterisk/templates/sip.conf.j2
@@ -0,0 +1,120 @@
+[extension](!)
+type=friend
+context=extensions
+host=dynamic
+trustrpid=no
+parkinglot=default
+allowsubscribe=yes
+notifyhold=no
+callcounter=yes
+videosupport=no
+disallow=all
+allow=g722,ulaw,alaw,g729
+
+[cisco-usecallmanager](!,extension)
+transport=tcp
+nat=no
+directmedia=no
+sendrpid=rpid
+rpid_update=yes
+rpid_immediate=yes
+send_diversion=yes
+dndbusy=yes
+cisco_usecallmanager=yes
+cisco_pickupnotify_alert=from,to
+cisco_pickupnotify_timer=5
+cisco_keep_conference=no
+cisco_multiadmin_conference=yes
+huntgroup_default=no
+
+[general]
+; Only the following ciphers are supported, phone may fail to connect if others are specified
+tlscipher=ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA
+; NULL cipher is only needed if you are using Authenticated mode, otherwise is should not be enabled
+;tlscipher+=:NULL
+
+[non-secure-mode](!)
+transport=tcp
+
+[authenticated-mode](!)
+transport=tls
+
+[encrypted-mode](!)
+transport=tls
+; The res_srtp module must be loaded.
+encryption=yes
+encryption_taglen=80
+
+[cisco-7941](!,cisco-usecallmanager)
+; These should match <busyTrigger> and <maxNumCalls> in SEPMAC.cnf.xml
+busylevel=3
+call-limit=4
+; Force huntgroup login so that the prompt does not show the logged out message
+huntgroup_default=yes
+
+[cisco-8841](!,cisco-usecallmanager)
+busylevel=4
+call-limit=5
+
+[cisco-8865](!,cisco-usecallmanager)
+busylevel=4
+call-limit=5
+; <videoCapability> also needs to be enabled in SEPMAC.cnf.xml
+videosupport=yes
+; Allow the video codec
+allow=h264
+
+[cisco-9951](!,cisco-usecallmanager)
+busylevel=5
+call-limit=6
+; <videoCapability> also needs to be enabled in SEPMAC.cnf.xml
+videosupport=yes
+; Allow the video codec
+allow=h264
+
+[100](cisco-8841,non-secure-mode)
+secret=mJzTGkXdh02OVXGOaxcH8V3To
+callerid="Correl" <100>
+description=Correl
+callgroup=1
+pickupgroup=1
+mailbox=100@default
+; Extensions that the phone is watching, they need to be configured in SEPMAC.cnf.xml as well
+; subscribe=301
+; subscribe=303
+; subscribe=381
+
+[101](extension)
+secret=5KVzU5Ez77lIIv4SAyzDOnMWo
+callerid="Correl" <101>
+description=Correl
+callgroup=1
+pickupgroup=1
+mailbox=101@default
+; Extensions that the phone is watching, they need to be configured in SEPMAC.cnf.xml as well
+; subscribe=301
+; subscribe=303
+; subscribe=381
+
+[102](extension)
+secret=mpHoQ29k2AiH4EN7IXL9vnE9j
+callerid="Conference" <102>
+description=Conference
+callgroup=1
+pickupgroup=1
+mailbox=102@default
+; Extensions that the phone is watching, they need to be configured in SEPMAC.cnf.xml as well
+; subscribe=301
+; subscribe=303
+; subscribe=381
+
+[pstn]
+type=friend
+host=dynamic
+context=incoming
+secret=wiUxqCvXIPPGexXj3y0htFRho
+callerid="PSTN"
+description=PSTN
+callgroup=1
+pickupgroup=1
+mailbox=pstn@default