{ config, pkgs, lib, ... }:

{
  services.yate = {
    enable = true;
    config = {
      regfile.yate.password = "yate";
      regexroute = "[default]
^4933921999799\\(.*\\)$=sip/sip:\\1@10.42.10.6

\${sip_x-dialout-allowed}^1$=goto dialout

[dialout]
\${username}^$=-;error=noauth
^.*$=sip/sip:\\0;line=sipgate;osip_P-Preferred-Identity=<sip:4933921999799\${caller}@sipconnect.sipgate.de>;caller=3400888t0;domain=sipconnect.sipgate.de;";
      ysipchan.general = {
        ignorevia = "yes";
      };
      ysnmpagent = {
        general.port = 161;
        snmp_v2.ro_community = "yate";
      };
    };
  };

  networking.firewall.allowedUDPPorts = [ 161 ];

  sops.secrets.sipgate_password = {
    owner = "yate";
    restartUnits = [ "yate.service" ];
  };

  #networking.hosts."2001:ab7::9" = [ "sipconnect.sipgate.de" ];

  systemd.services.yate = {
    preStart = let
      accfile = pkgs.writeText "accfile.conf" (lib.generators.toINI { } {
        sipgate = {
          enabled = "yes";
          protocol = "sip";
          username = "3400888t0";
          authname = "3400888t0";
          password = "!!sipgate_password!!";
          registrar = "sipconnect.sipgate.de";
          localaddress = "yes";
        };
      });
    in ''
      ${pkgs.gnused}/bin/sed -e "s/!!sipgate_password!!/$(cat ${config.sops.secrets.sipgate_password.path})/g" ${accfile} > /etc/yate/accfile.conf
    '';
    serviceConfig.PermissionsStartOnly = true;
  };
}