{ config, pkgs, lib, ... }:

{
  services.yate = {
    enable = true;
    config = {
      regfile.yate.password = "yate";
      regexroute = "[default]
^4933921999799\\(.*\\)$=lateroute/yate;osip_x-called=\\1
\${sip_x-dialout-allowed}^1$=goto dialout

[dialout]
\${username}^$=-;error=noauth
^.*$=sip/sip:\\0;line=sipgate;osip_P-Preferred-Identity=<sip:4933921999799\${caller}@sipconnect.sipgate.de>;caller=3400888t0;domain=sipconnect.sipgate.de;";
    };
  };

  sops.secrets.sipgate_password = {
    owner = "yate";
    restartUnits = [ "yate.service" ];
  };

  systemd.services.yate = {
    preStart = let
      accfile = pkgs.writeText "accfile.conf" (lib.generators.toINI { } {
        sipgate = {
          enabled = "yes";
          protocol = "sip";
          username = "3400888t0";
          authname = "3400888t0";
          password = "!!sipgate_password!!";
          registrar = "sipconnect.sipgate.de";
          localaddress = "yes";
        };
      });
    in ''
      ${pkgs.gnused}/bin/sed -e "s/!!sipgate_password!!/$(cat ${config.sops.secrets.sipgate_password.path})/g" ${accfile} > /etc/yate/accfile.conf
    '';
    serviceConfig.PermissionsStartOnly = true;
  };
}