Configure freeswitch

author: alex <alex@pdp7.net> 2023-10-14 14:09:48 +0200
committer: alex <alex@pdp7.net> 2023-10-14 14:09:48 +0200
commit: 7fde74c5f7c2233f2c2612479e6c1c35dc59e6a2 (patch)
tree: cbce1f670bfa76d7332beb823579775728394093 /personal_infra/puppet/modules/freeswitch
parent: 6868ba7f265e3f86bd31cb60b1299179e5175752 (diff)
4 files changed, 686 insertions, 0 deletions
diff --git a/personal_infra/puppet/modules/freeswitch/README.md b/personal_infra/puppet/modules/freeswitch/README.md
new file mode 100644
index 00000000..9662c68a
--- /dev/null
+++ b/personal_infra/puppet/modules/freeswitch/README.md
@@ -0,0 +1,6 @@
+Baresip config:
+
+account: sip:ext@sip.pdp7.net;transport=tls
+password: xxx
+out proxy: sip:sip.pdp7.net;transport=tls
+sip provider: sip.pdp7.net
diff --git a/personal_infra/puppet/modules/freeswitch/manifests/init.pp b/personal_infra/puppet/modules/freeswitch/manifests/init.pp
new file mode 100644
index 00000000..4ebdf3a2
--- /dev/null
+++ b/personal_infra/puppet/modules/freeswitch/manifests/init.pp
@@ -0,0 +1,24 @@
+class freeswitch($freeswitch_password, $freeswitch_address, $freeswitch_rtp_start_port, $freeswitch_rtp_end_port) {
+    package {'okay-release':
+        source => 'http://repo.okay.com.mx/centos/9/x86_64/release/okay-release-1-9.el9.noarch.rpm',
+    }
+    ->
+    package {['freeswitch-config-vanilla', 'freeswitch-systemd', 'freeswitch-sounds-en-us-callie-all']:}
+    ->
+    service {'freeswitch':
+        enable => true,
+        ensure => running,
+    }
+
+    file {'/etc/freeswitch/vars.xml':
+        content => template('freeswitch/vars.xml'),
+        require => Package['freeswitch-config-vanilla'],
+        notify => Service['freeswitch'],
+    }
+
+    file {'/etc/freeswitch/autoload_configs/switch.conf.xml':
+        content => template('freeswitch/switch.conf.xml'),
+        require => Package['freeswitch-config-vanilla'],
+        notify => Service['freeswitch'],
+    }
+}
diff --git a/personal_infra/puppet/modules/freeswitch/templates/switch.conf.xml b/personal_infra/puppet/modules/freeswitch/templates/switch.conf.xml
new file mode 100644
index 00000000..36891f9b
--- /dev/null
+++ b/personal_infra/puppet/modules/freeswitch/templates/switch.conf.xml
@@ -0,0 +1,208 @@
+<configuration name="switch.conf" description="Core Configuration">
+
+  <cli-keybindings>
+    <key name="1" value="help"/>
+    <key name="2" value="status"/>
+    <key name="3" value="show channels"/>
+    <key name="4" value="show calls"/>
+    <key name="5" value="sofia status"/>
+    <key name="6" value="reloadxml"/>
+    <key name="7" value="console loglevel 0"/>
+    <key name="8" value="console loglevel 7"/>
+    <key name="9" value="sofia status profile internal"/>
+    <key name="10" value="sofia profile internal siptrace on"/>
+    <key name="11" value="sofia profile internal siptrace off"/>
+    <key name="12" value="version"/>
+  </cli-keybindings> 
+  
+  <default-ptimes>
+    <!-- Set this to override the 20ms assumption of various codecs in the sdp with no ptime defined -->
+    <!-- <codec name="G729" ptime="40"/> -->
+  </default-ptimes>
+  
+  <settings>
+    <!-- Colorize the Console -->
+    <param name="colorize-console" value="true"/>
+
+    <!--Include full timestamps in dialplan logs -->
+    <param name="dialplan-timestamps" value="false"/>
+
+    <!-- Run the timer at 20ms by default and drop down as needed unless you set 1m-timer=true which was previous default -->
+    <!-- <param name="1ms-timer" value="true"/> -->
+
+    <!--
+	Set the Switch Name for HA environments.
+	When setting the switch name, it will override the system hostname for all DB and CURL requests
+	allowing cluster environments such as RHCS to have identical FreeSWITCH configurations but run
+	as different hostnames.
+    -->
+    <!-- <param name="switchname" value="freeswitch"/> -->
+    <!-- <param name="cpu-idle-smoothing-depth" value="30"/> -->
+
+
+    <!-- Maximum number of simultaneous DB handles open -->
+    <param name="max-db-handles" value="50"/>
+    <!-- Maximum number of seconds to wait for a new DB handle before failing -->
+    <param name="db-handle-timeout" value="10"/>
+
+    <!-- Minimum idle CPU before refusing calls -->
+    <!-- <param name="min-idle-cpu" value="25"/> -->
+
+    <!-- Interval between heartbeat events -->
+    <!-- <param name="event-heartbeat-interval" value="20"/> -->
+
+    <!--
+	Max number of sessions to allow at any given time.
+	
+	NOTICE: If you're driving 28 T1's in a single box you should set this to 644*2 or 1288
+	this will ensure you're able to use the entire DS3 without a problem.  Otherwise you'll
+	be 144 channels short of always filling that DS3 up which can translate into waste.
+    -->
+    <param name="max-sessions" value="1000"/>
+    <!--Most channels to create per second -->
+    <param name="sessions-per-second" value="30"/>
+    <!-- Default Global Log Level - value is one of debug,info,notice,warning,err,crit,alert -->
+    <param name="loglevel" value="debug"/>
+
+    <!-- Set the core DEBUG level (0-10) -->
+    <!-- <param name="debug-level" value="10"/> -->
+
+    <!-- SQL Buffer length within rage of 32k to 10m -->
+    <!-- <param name="sql-buffer-len" value="1m"/> -->
+    <!-- Maximum SQL Buffer length must be greater than sql-buffer-len -->
+    <!-- <param name="max-sql-buffer-len" value="2m"/> -->
+
+    <!-- 
+	 The min-dtmf-duration specifies the minimum DTMF duration to use on 
+	 outgoing events. Events shorter than this will be increased in duration
+	 to match min_dtmf_duration. You cannot configure a dtmf duration on a 
+	 profile that is less than this setting. You may increase this value,
+	 but cannot set it lower than 400. This value cannot exceed 
+	 max-dtmf-duration. -->
+    <!-- <param name="min-dtmf-duration" value="400"/> -->
+
+    <!-- 
+	 The max-dtmf-duration caps the playout of a DTMF event at the specified
+	 duration. Events exceeding this duration will be truncated to this
+	 duration. You cannot configure a duration on a profile that exceeds
+	 this setting. This setting can be lowered, but cannot exceed 192000. 
+	 This setting cannot be set lower than min_dtmf_duration. -->
+    <!-- <param name="max-dtmf-duration" value="192000"/> -->
+
+    <!-- 
+	 The default_dtmf_duration specifies the DTMF duration to use on
+	 originated DTMF events or on events that are received without a
+	 duration specified. This value can be increased or lowered. This
+	 value is lower-bounded by min_dtmf_duration and upper-bounded by
+	 max-dtmf-duration\. -->
+    <!-- <param name="default-dtmf-duration" value="2000"/> -->
+
+    <!--
+	If you want to send out voicemail notifications via Windows you'll need to change the mailer-app
+	variable to the setting below:
+	
+	<param name="mailer-app" value="msmtp"/>
+	
+	Do not change mailer-app-args.
+	You will also need to download a sendmail clone for Windows (msmtp). This version works without issue:
+	http://msmtp.sourceforge.net/index.html. Download and copy the .exe to %winddir%\system32.
+	You'll need to create a small config file for smtp credentials (host name, authentication, tls, etc.) in
+	%USERPROFILE%\Application Data\ called "msmtprc.txt". Below is a sample copy of this file:
+	
+	###################################
+	# The SMTP server of the provider.
+	account provider
+	host smtp.myisp.com
+	from john@myisp.com
+	auth login
+	user johndoe
+	password mypassword
+	
+	# Set a default account
+	account default : provider
+	###################################
+	
+    -->    
+
+    <param name="mailer-app" value="sendmail"/>
+    <param name="mailer-app-args" value="-t"/>
+    <param name="dump-cores" value="yes"/>
+
+    <!-- Enable verbose channel events to include every detail about a channel on every event  -->
+    <!-- <param name="verbose-channel-events" value="no"/> -->
+
+    <!-- Enable clock nanosleep -->
+    <!-- <param name="enable-clock-nanosleep" value="true"/> -->
+
+    <!-- Enable monotonic timing -->
+    <!-- <param name="enable-monotonic-timing" value="true"/> -->
+
+    <!-- NEEDS DOCUMENTATION -->
+    <!-- <param name="enable-softtimer-timerfd" value="true"/> -->
+    <!-- <param name="enable-cond-yield" value="true"/> -->
+    <!-- <param name="enable-timer-matrix" value="true"/> -->
+    <!-- <param name="threaded-system-exec" value="true"/> -->
+    <!-- <param name="tipping-point" value="0"/> -->
+    <!-- <param name="timer-affinity" value="disabled"/> -->
+    <!-- NEEDS DOCUMENTATION -->
+
+    <!-- RTP port range -->
+    <param name="rtp-start-port" value="<%= @freeswitch_rtp_start_port %>"/>
+    <param name="rtp-end-port" value="<%= @freeswitch_rtp_end_port %>"/>
+
+    <!-- Test each port to make sure it is not in use by some other process before allocating it to RTP -->
+    <!-- <param name="rtp-port-usage-robustness" value="true"/> -->
+
+    <param name="rtp-enable-zrtp" value="false"/>
+
+    <!--
+	 Store encryption keys for secure media in channel variables and call CDRs. Default: false.
+	 WARNING: If true, anyone with CDR access can decrypt secure media!
+    -->
+    <!-- <param name="rtp-retain-crypto-keys" value="true"/> -->
+
+    <!--
+	 Native PostgreSQL support was removed from the FreeSWITCH Core!
+	 =================================
+	 NOTICE: You MUST enable mod_pgsql        
+	 =================================
+	 According to https://www.postgresql.org/docs/9.6/libpq-connect.html#LIBPQ-CONNSTRING
+	 There are two accepted formats for connection strings supported by the libpq library: 
+	 * For plain keyword = value strings use pgsql://
+	   pgsql://hostaddr=127.0.0.1 dbname=freeswitch user=freeswitch password='' options='-c client_min_messages=NOTICE'
+	 * For RFC 3986 URIs use postgresql:// or postgres://
+	   postgresql://
+	   postgresql://localhost
+	   postgresql://localhost:5433
+	   postgresql://localhost/mydb
+	   postgresql://user@localhost
+	   postgresql://user:secret@localhost
+	   postgresql://other@localhost/otherdb?connect_timeout=10&application_name=myapp
+	   postgresql:///mydb?host=localhost&port=5433
+    -->
+    <!-- <param name="core-db-dsn" value="pgsql://hostaddr=127.0.0.1 dbname=freeswitch user=freeswitch password='' options='-c client_min_messages=NOTICE'" /> -->
+    <!-- <param name="core-db-dsn" value="postgresql://freeswitch:@127.0.0.1/freeswitch?options=-c%20client_min_messages%3DNOTICE" /> -->
+    <!-- <param name="core-db-dsn" value="mariadb://Server=localhost;Database=freeswitch;Uid=freeswitch;Pwd=pass;" /> -->
+    <!-- <param name="core-db-dsn" value="dsn:username:password" /> -->
+    <!-- 
+	 Allow to specify the sqlite db at a different location (In this example, move it to ramdrive for
+	 better performance on most linux distro (note, you loose the data if you reboot))
+    -->
+    <!-- <param name="core-db-name" value="/dev/shm/core.db" /> -->
+
+    <!-- The system will create all the db schemas automatically, set this to false to avoid this behaviour -->
+    <!-- <param name="auto-create-schemas" value="true"/> -->
+    <!-- <param name="auto-clear-sql" value="true"/> -->
+    <!-- <param name="enable-early-hangup" value="true"/> -->
+
+    <!-- <param name="core-dbtype" value="MSSQL"/> -->
+
+    <!-- Allow multiple registrations to the same account in the central registration table -->
+    <!-- <param name="multiple-registrations" value="true"/> -->
+
+    <!-- <param name="max-audio-channels" value="2"/> -->
+
+  </settings>
+
+</configuration>
+
diff --git a/personal_infra/puppet/modules/freeswitch/templates/vars.xml b/personal_infra/puppet/modules/freeswitch/templates/vars.xml
new file mode 100644
index 00000000..850c0a17
--- /dev/null
+++ b/personal_infra/puppet/modules/freeswitch/templates/vars.xml
@@ -0,0 +1,448 @@
+<include>
+  <!-- Preprocessor Variables
+       These are introduced when configuration strings must be consistent across modules.
+       NOTICE: YOU CAN NOT COMMENT OUT AN X-PRE-PROCESS line, Remove the line instead.
+
+       WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING
+
+       YOU SHOULD CHANGE THIS default_password value if you don't want to be subject to any
+       toll fraud in the future.  It's your responsibility to secure your own system.
+
+       This default config is used to demonstrate the feature set of FreeSWITCH.
+
+       WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING
+  -->
+  <X-PRE-PROCESS cmd="set" data="default_password=<%= @freeswitch_password %>"/>
+  <!-- Did you change it yet? -->
+  <!--
+      The following variables are set dynamically - calculated if possible by freeswitch - and
+      are available to the config as $${variable}.  You can see their calculated value via fs_cli
+      by entering eval $${variable}
+
+      hostname
+      local_ip_v4
+      local_mask_v4
+      local_ip_v6
+      switch_serial
+      base_dir
+      recordings_dir
+      sound_prefix
+      sounds_dir
+      conf_dir
+      log_dir
+      run_dir
+      db_dir
+      mod_dir
+      htdocs_dir
+      script_dir
+      temp_dir
+      grammar_dir
+      certs_dir
+      storage_dir
+      cache_dir
+      core_uuid
+      zrtp_enabled
+      nat_public_addr
+      nat_private_addr
+      nat_type
+
+  -->
+
+
+  <X-PRE-PROCESS cmd="set" data="sound_prefix=$${sounds_dir}/en/us/callie"/>
+  <!--<Z-PRE-PROCESS cmd="set" data="sound_prefix=$${sounds_dir}/en/us/allison"/> -->
+
+  <!--
+      This setting is what sets the default domain FreeSWITCH will use if all else fails.
+
+      FreeSWICH will default to $${local_ip_v4} unless changed.  Changing this setting does
+      affect the sip authentication.  Please review conf/directory/default.xml for more
+      information on this topic.
+  -->
+  <X-PRE-PROCESS cmd="set" data="domain=sip.pdp7.net"/>
+  <X-PRE-PROCESS cmd="set" data="domain_name=$${domain}"/>
+  <X-PRE-PROCESS cmd="set" data="hold_music=local_stream://moh"/>
+  <X-PRE-PROCESS cmd="set" data="use_profile=external"/>
+  <X-PRE-PROCESS cmd="set" data="rtp_sdes_suites=AEAD_AES_256_GCM_8|AEAD_AES_128_GCM_8|AES_CM_256_HMAC_SHA1_80|AES_CM_192_HMAC_SHA1_80|AES_CM_128_HMAC_SHA1_80|AES_CM_256_HMAC_SHA1_32|AES_CM_192_HMAC_SHA1_32|AES_CM_128_HMAC_SHA1_32|AES_CM_128_NULL_AUTH"/>
+  <!--
+      Enable ZRTP globally you can override this on a per channel basis
+
+      http://wiki.freeswitch.org/wiki/ZRTP (on how to enable zrtp)
+  -->
+  <X-PRE-PROCESS cmd="set" data="zrtp_secure_media=true"/>
+  <!--
+      NOTICE: When using SRTP it's critical that you do not offer or accept
+      variable bit rate codecs, doing so would leak information and possibly
+      compromise your SRTP stream. (FS-6404)
+
+      Supported SRTP Crypto Suites:
+
+      AEAD_AES_256_GCM_8
+      ____________________________________________________________________________
+      This algorithm is identical to AEAD_AES_256_GCM (see Section 5.2 of
+      [RFC5116]), except that the tag length, t, is 8, and an
+      authentication tag with a length of 8 octets (64 bits) is used.
+      An AEAD_AES_256_GCM_8 ciphertext is exactly 8 octets longer than its
+      corresponding plaintext.
+
+
+      AEAD_AES_128_GCM_8
+      ____________________________________________________________________________
+      This algorithm is identical to AEAD_AES_128_GCM (see Section 5.1 of
+      [RFC5116]), except that the tag length, t, is 8, and an
+      authentication tag with a length of 8 octets (64 bits) is used.
+      An AEAD_AES_128_GCM_8 ciphertext is exactly 8 octets longer than its
+      corresponding plaintext.
+
+
+      AES_CM_256_HMAC_SHA1_80 | AES_CM_192_HMAC_SHA1_80 | AES_CM_128_HMAC_SHA1_80
+      ____________________________________________________________________________
+      AES_CM_128_HMAC_SHA1_80 is the SRTP default AES Counter Mode cipher
+      and HMAC-SHA1 message authentication with an 80-bit authentication
+      tag. The master-key length is 128 bits and has a default lifetime of
+      a maximum of 2^48 SRTP packets or 2^31 SRTCP packets, whichever comes
+      first.
+
+
+      AES_CM_256_HMAC_SHA1_32 | AES_CM_192_HMAC_SHA1_32 | AES_CM_128_HMAC_SHA1_32
+      ____________________________________________________________________________
+      This crypto-suite is identical to AES_CM_128_HMAC_SHA1_80 except that
+      the authentication tag is 32 bits. The length of the base64-decoded key and
+      salt value for this crypto-suite MUST be 30 octets i.e., 240 bits; otherwise,
+      the crypto attribute is considered invalid.
+
+
+      AES_CM_128_NULL_AUTH
+      ____________________________________________________________________________
+      The SRTP default cipher (AES-128 Counter Mode), but to use no authentication
+      method.  This policy is NOT RECOMMENDED unless it is unavoidable; see
+      Section 7.5 of [RFC3711].
+
+
+      SRTP variables that modify behaviors based on direction/leg:
+
+      rtp_secure_media
+      ____________________________________________________________________________
+      possible values:
+          mandatory - Accept/Offer SAVP negotiation ONLY
+          optional  - Accept/Offer SAVP/AVP with SAVP preferred
+          forbidden - More useful for inbound to deny SAVP negotiation
+          false     - implies forbidden
+          true      - implies mandatory
+
+      default if not set is accept SAVP inbound if offered.
+
+
+      rtp_secure_media_inbound | rtp_secure_media_outbound
+      ____________________________________________________________________________
+      This is the same as rtp_secure_media, but would apply to either inbound
+      or outbound offers specifically.
+
+
+      How to specify crypto suites:
+      ____________________________________________________________________________
+      By default without specifying any crypto suites FreeSWITCH will offer
+      crypto suites from strongest to weakest accepting the strongest each
+      endpoint has in common.  If you wish to force specific crypto suites you
+      can do so by appending the suites in a comma separated list in the order
+      that you wish to offer them in.
+
+      Examples:
+
+          rtp_secure_media=mandatory:AES_CM_256_HMAC_SHA1_80,AES_CM_256_HMAC_SHA1_32
+          rtp_secure_media=true:AES_CM_256_HMAC_SHA1_80,AES_CM_256_HMAC_SHA1_32
+          rtp_secure_media=optional:AES_CM_256_HMAC_SHA1_80
+          rtp_secure_media=true:AES_CM_256_HMAC_SHA1_80
+
+      Additionally you can narrow this down on either inbound or outbound by
+      specifying as so:
+
+          rtp_secure_media_inbound=true:AEAD_AES_256_GCM_8
+          rtp_secure_media_inbound=mandatory:AEAD_AES_256_GCM_8
+          rtp_secure_media_outbound=true:AEAD_AES_128_GCM_8
+          rtp_secure_media_outbound=optional:AEAD_AES_128_GCM_8
+
+
+      rtp_secure_media_suites
+      ____________________________________________________________________________
+      Optionaly you can use rtp_secure_media_suites to dictate the suite list
+      and only use rtp_secure_media=[optional|mandatory|false|true] without having
+      to dictate the suite list with the rtp_secure_media* variables.
+  -->
+  <!--
+       Examples of codec options: (module must be compiled and loaded)
+
+       codecname[@8000h|16000h|32000h[@XXi]]
+
+       XX is the frame size must be multples allowed for the codec
+       FreeSWITCH can support 10-120ms on some codecs.
+       We do not support exceeding the MTU of the RTP packet.
+
+
+       iLBC@30i         - iLBC using mode=30 which will win in all cases.
+       DVI4@8000h@20i   - IMA ADPCM 8kHz using 20ms ptime. (multiples of 10)
+       DVI4@16000h@40i  - IMA ADPCM 16kHz using 40ms ptime. (multiples of 10)
+       speex@8000h@20i  - Speex 8kHz using 20ms ptime.
+       speex@16000h@20i - Speex 16kHz using 20ms ptime.
+       speex@32000h@20i - Speex 32kHz using 20ms ptime.
+       BV16             - BroadVoice 16kb/s narrowband, 8kHz
+       BV32             - BroadVoice 32kb/s wideband, 16kHz
+       G7221@16000h     - G722.1 16kHz (aka Siren 7)
+       G7221@32000h     - G722.1C 32kHz (aka Siren 14)
+       CELT@32000h      - CELT 32kHz, only 10ms supported
+       CELT@48000h      - CELT 48kHz, only 10ms supported
+       GSM@40i          - GSM 8kHz using 40ms ptime. (GSM is done in multiples of 20, Default is 20ms)
+       G722             - G722 16kHz using default 20ms ptime. (multiples of 10)
+       PCMU             - G711 8kHz ulaw using default 20ms ptime. (multiples of 10)
+       PCMA             - G711 8kHz alaw using default 20ms ptime. (multiples of 10)
+       G726-16          - G726 16kbit adpcm using default 20ms ptime. (multiples of 10)
+       G726-24          - G726 24kbit adpcm using default 20ms ptime. (multiples of 10)
+       G726-32          - G726 32kbit adpcm using default 20ms ptime. (multiples of 10)
+       G726-40          - G726 40kbit adpcm using default 20ms ptime. (multiples of 10)
+       AAL2-G726-16     - Same as G726-16 but using AAL2 packing. (multiples of 10)
+       AAL2-G726-24     - Same as G726-24 but using AAL2 packing. (multiples of 10)
+       AAL2-G726-32     - Same as G726-32 but using AAL2 packing. (multiples of 10)
+       AAL2-G726-40     - Same as G726-40 but using AAL2 packing. (multiples of 10)
+       LPC              - LPC10 using 90ms ptime (only supports 90ms at this time in FreeSWITCH)
+       L16              - L16 isn't recommended for VoIP but you can do it. L16 can exceed the MTU rather quickly.
+
+       These are the passthru audio codecs:
+
+       G729             - G729 in passthru mode. (mod_g729)
+       G723             - G723.1 in passthru mode. (mod_g723_1)
+       AMR              - AMR in passthru mode. (mod_amr)
+
+       These are the passthru video codecs: (mod_h26x)
+
+       H261             - H.261 Video
+       H263             - H.263 Video
+       H263-1998        - H.263-1998 Video
+       H263-2000        - H.263-2000 Video
+       H264             - H.264 Video
+
+       RTP Dynamic Payload Numbers currently used in FreeSWITCH and their purpose.
+
+       96  - AMR
+       97  - iLBC (30)
+       98  - iLBC (20)
+       99  - Speex 8kHz, 16kHz, 32kHz
+       100 -
+       101 - telephone-event
+       102 -
+       103 -
+       104 -
+       105 -
+       106 - BV16
+       107 - G722.1 (16kHz)
+       108 -
+       109 -
+       110 -
+       111 -
+       112 -
+       113 -
+       114 - CELT 32kHz, 48kHz
+       115 - G722.1C (32kHz)
+       116 -
+       117 - SILK 8kHz
+       118 - SILK 12kHz
+       119 - SILK 16kHz
+       120 - SILK 24kHz
+       121 - AAL2-G726-40 && G726-40
+       122 - AAL2-G726-32 && G726-32
+       123 - AAL2-G726-24 && G726-24
+       124 - AAL2-G726-16 && G726-16
+       125 -
+       126 -
+       127 - BV32
+
+  -->
+  <X-PRE-PROCESS cmd="set" data="global_codec_prefs=OPUS,G722,PCMU,PCMA,H264,VP8"/>
+  <X-PRE-PROCESS cmd="set" data="outbound_codec_prefs=OPUS,G722,PCMU,PCMA,H264,VP8"/>
+
+  <!--
+      xmpp_client_profile and xmpp_server_profile
+      xmpp_client_profile can be any string.
+      xmpp_server_profile is appended to "dingaling_" to form the database name
+      containing the "subscriptions" table.
+      used by: dingaling.conf.xml enum.conf.xml
+  -->
+
+  <X-PRE-PROCESS cmd="set" data="xmpp_client_profile=xmppc"/>
+  <X-PRE-PROCESS cmd="set" data="xmpp_server_profile=xmpps"/>
+  <!--
+       THIS IS ONLY USED FOR DINGALING
+
+       bind_server_ip
+
+       Can be an ip address, a dns name, or "auto".
+       This determines an ip address available on this host to bind.
+       If you are separating RTP and SIP traffic, you will want to have
+       use different addresses where this variable appears.
+       Used by: dingaling.conf.xml
+  -->
+  <X-PRE-PROCESS cmd="set" data="bind_server_ip=auto"/>
+
+  <!-- NOTICE NOTICE NOTICE NOTICE NOTICE NOTICE NOTICE NOTICE NOTICE NOTICE NOTICE
+
+       If you're going to load test FreeSWITCH please input real IP addresses
+       for external_rtp_ip and external_sip_ip
+  -->
+
+  <!-- external_rtp_ip
+       Can be an one of:
+           ip address: "12.34.56.78"
+           a stun server lookup: "stun:stun.server.com"
+           a DNS name: "host:host.server.com"
+       where fs.mydomain.com is a DNS A record-useful when fs is on
+       a dynamic IP address, and uses a dynamic DNS updater.
+       If unspecified, the bind_server_ip value is used.
+       Used by: sofia.conf.xml dingaling.conf.xml
+  -->
+  <X-PRE-PROCESS cmd="stun-set" data="external_rtp_ip=<%= @freeswitch_address %>"/>
+
+  <!-- external_sip_ip
+      Used as the public IP address for SDP.
+       Can be an one of:
+           ip address: "12.34.56.78"
+           a stun server lookup: "stun:stun.server.com"
+           a DNS name: "host:host.server.com"
+       where fs.mydomain.com is a DNS A record-useful when fs is on
+       a dynamic IP address, and uses a dynamic DNS updater.
+       If unspecified, the bind_server_ip value is used.
+       Used by: sofia.conf.xml dingaling.conf.xml
+  -->
+  <X-PRE-PROCESS cmd="stun-set" data="external_sip_ip=<%= @freeswitch_address %>"/>
+
+  <!-- unroll-loops
+       Used to turn on sip loopback unrolling.
+  -->
+  <X-PRE-PROCESS cmd="set" data="unroll_loops=true"/>
+
+  <!-- outbound_caller_id and outbound_caller_name
+       The caller ID telephone number we should use when calling out.
+       Used by: conference.conf.xml and user directory for default
+       outbound callerid name and number.
+  -->
+  <X-PRE-PROCESS cmd="set" data="outbound_caller_name=FreeSWITCH"/>
+  <X-PRE-PROCESS cmd="set" data="outbound_caller_id=0000000000"/>
+
+  <!-- various debug and defaults -->
+  <X-PRE-PROCESS cmd="set" data="call_debug=false"/>
+  <X-PRE-PROCESS cmd="set" data="console_loglevel=info"/>
+  <X-PRE-PROCESS cmd="set" data="default_areacode=918"/>
+  <X-PRE-PROCESS cmd="set" data="default_country=US"/>
+
+  <!-- if false or undefined, the destination number is included in presence NOTIFY dm:note.
+       if true, the destination number is not included -->
+  <X-PRE-PROCESS cmd="set" data="presence_privacy=false"/>
+
+  <X-PRE-PROCESS cmd="set" data="au-ring=%(400,200,383,417);%(400,2000,383,417)"/>
+  <X-PRE-PROCESS cmd="set" data="be-ring=%(1000,3000,425)"/>
+  <X-PRE-PROCESS cmd="set" data="ca-ring=%(2000,4000,440,480)"/>
+  <X-PRE-PROCESS cmd="set" data="cn-ring=%(1000,4000,450)"/>
+  <X-PRE-PROCESS cmd="set" data="cy-ring=%(1500,3000,425)"/>
+  <X-PRE-PROCESS cmd="set" data="cz-ring=%(1000,4000,425)"/>
+  <X-PRE-PROCESS cmd="set" data="de-ring=%(1000,4000,425)"/>
+  <X-PRE-PROCESS cmd="set" data="dk-ring=%(1000,4000,425)"/>
+  <X-PRE-PROCESS cmd="set" data="dz-ring=%(1500,3500,425)"/>
+  <X-PRE-PROCESS cmd="set" data="eg-ring=%(2000,1000,475,375)"/>
+  <X-PRE-PROCESS cmd="set" data="es-ring=%(1500,3000,425)"/>
+  <X-PRE-PROCESS cmd="set" data="fi-ring=%(1000,4000,425)"/>
+  <X-PRE-PROCESS cmd="set" data="fr-ring=%(1500,3500,440)"/>
+  <X-PRE-PROCESS cmd="set" data="hk-ring=%(400,200,440,480);%(400,3000,440,480)"/>
+  <X-PRE-PROCESS cmd="set" data="hu-ring=%(1250,3750,425)"/>
+  <X-PRE-PROCESS cmd="set" data="il-ring=%(1000,3000,400)"/>
+  <X-PRE-PROCESS cmd="set" data="in-ring=%(400,200,425,375);%(400,2000,425,375)"/>
+  <X-PRE-PROCESS cmd="set" data="jp-ring=%(1000,2000,420,380)"/>
+  <X-PRE-PROCESS cmd="set" data="ko-ring=%(1000,2000,440,480)"/>
+  <X-PRE-PROCESS cmd="set" data="pk-ring=%(1000,2000,400)"/>
+  <X-PRE-PROCESS cmd="set" data="pl-ring=%(1000,4000,425)"/>
+  <X-PRE-PROCESS cmd="set" data="ro-ring=%(1850,4150,475,425)"/>
+  <X-PRE-PROCESS cmd="set" data="rs-ring=%(1000,4000,425)"/>
+  <X-PRE-PROCESS cmd="set" data="ru-ring=%(800,3200,425)"/>
+  <X-PRE-PROCESS cmd="set" data="sa-ring=%(1200,4600,425)"/>
+  <X-PRE-PROCESS cmd="set" data="tr-ring=%(2000,4000,450)"/>
+  <X-PRE-PROCESS cmd="set" data="uk-ring=%(400,200,400,450);%(400,2000,400,450)"/>
+  <X-PRE-PROCESS cmd="set" data="us-ring=%(2000,4000,440,480)"/>
+  <X-PRE-PROCESS cmd="set" data="bong-ring=v=-7;%(100,0,941.0,1477.0);v=-7;>=2;+=.1;%(1400,0,350,440)"/>
+  <X-PRE-PROCESS cmd="set" data="beep=%(1000,0,640)"/>
+  <X-PRE-PROCESS cmd="set" data="sit=%(274,0,913.8);%(274,0,1370.6);%(380,0,1776.7)"/>
+
+  <!--
+       Digits Dialed filter: (FS-6940)
+
+       The digits stream may contain valid credit card numbers or social security numbers, These digit
+       filters will allow you to make a valant effort to stamp out sensitive information for
+       PCI/HIPPA compliance. (see xml_cdr dialed_digits)
+
+       df_us_ssn   = US Social Security Number pattern
+       df_us_luhn  = Visa, MasterCard, American Express, Diners Club, Discover and JCB
+  -->
+  <X-PRE-PROCESS cmd="set" data="df_us_ssn=(?!219099999|078051120)(?!666|000|9\d{2})\d{3}(?!00)\d{2}(?!0{4})\d{4}"/>
+  <X-PRE-PROCESS cmd="set" data="df_luhn=?:4[0-9]{12}(?:[0-9]{3})?|5[1-5][0-9]{14}|3[47][0-9]{13}|3(?:0[0-5]|[68][0-9])[0-9]{11}|6(?:011|5[0-9]{2})[0-9]{12}|(?:2131|1800|35\d{3})\d{11}"/>
+  <!-- change XX to X below to enable -->
+  <XX-PRE-PROCESS cmd="set" data="digits_dialed_filter=(($${df_luhn})|($${df_us_ssn}))"/>
+
+  <!--
+      Setting up your default sip provider is easy.
+      Below are some values that should work in most cases.
+
+      These are for conf/directory/default/example.com.xml
+  -->
+  <X-PRE-PROCESS cmd="set" data="default_provider=example.com"/>
+  <X-PRE-PROCESS cmd="set" data="default_provider_username=joeuser"/>
+  <X-PRE-PROCESS cmd="set" data="default_provider_password=password"/>
+  <X-PRE-PROCESS cmd="set" data="default_provider_from_domain=example.com"/>
+  <!-- true or false -->
+  <X-PRE-PROCESS cmd="set" data="default_provider_register=false"/>
+  <X-PRE-PROCESS cmd="set" data="default_provider_contact=5000"/>
+
+  <!--
+     SIP and TLS settings. http://wiki.freeswitch.org/wiki/Tls
+
+     valid options: sslv2,sslv3,sslv23,tlsv1,tlsv1.1,tlsv1.2
+
+     default: tlsv1,tlsv1.1,tlsv1.2
+  -->
+  <X-PRE-PROCESS cmd="set" data="sip_tls_version=tlsv1,tlsv1.1,tlsv1.2"/>
+
+  <!--
+     TLS cipher suite: default ALL:!ADH:!LOW:!EXP:!MD5:@STRENGTH
+
+     The actual ciphers supported will change per platform.
+
+     openssl ciphers -v 'ALL:!ADH:!LOW:!EXP:!MD5:@STRENGTH'
+
+     Will show you what is available in your verion of openssl.
+  -->
+  <X-PRE-PROCESS cmd="set" data="sip_tls_ciphers=ALL:!ADH:!LOW:!EXP:!MD5:@STRENGTH"/>
+
+  <!-- Internal SIP Profile -->
+  <X-PRE-PROCESS cmd="set" data="internal_auth_calls=true"/>
+  <X-PRE-PROCESS cmd="set" data="internal_sip_port=5060"/>
+  <X-PRE-PROCESS cmd="set" data="internal_tls_port=5061"/>
+  <X-PRE-PROCESS cmd="set" data="internal_ssl_enable=true"/>
+
+  <!-- External SIP Profile -->
+  <X-PRE-PROCESS cmd="set" data="external_auth_calls=false"/>
+  <X-PRE-PROCESS cmd="set" data="external_sip_port=5080"/>
+  <X-PRE-PROCESS cmd="set" data="external_tls_port=5081"/>
+  <X-PRE-PROCESS cmd="set" data="external_ssl_enable=false"/>
+
+  <!-- Video Settings -->
+  <!-- Setting the max bandwdith -->
+  <X-PRE-PROCESS cmd="set" data="rtp_video_max_bandwidth_in=3mb"/>
+  <X-PRE-PROCESS cmd="set" data="rtp_video_max_bandwidth_out=3mb"/>
+
+  <!-- WebRTC Video -->
+  <!-- Suppress CNG for WebRTC Audio -->
+  <X-PRE-PROCESS cmd="set" data="suppress_cng=true"/>
+  <!-- Enable liberal DTMF for those that can't get it right -->
+  <X-PRE-PROCESS cmd="set" data="rtp_liberal_dtmf=true"/>
+  <!-- Helps with WebRTC Audio -->
+
+  <!-- Stock Video Avatars -->
+  <X-PRE-PROCESS cmd="set" data="video_mute_png=$${images_dir}/default-mute.png"/>
+  <X-PRE-PROCESS cmd="set" data="video_no_avatar_png=$${images_dir}/default-avatar.png"/>
+
+</include>
author	alex <alex@pdp7.net>	2023-10-14 14:09:48 +0200
committer	alex <alex@pdp7.net>	2023-10-14 14:09:48 +0200
commit	7fde74c5f7c2233f2c2612479e6c1c35dc59e6a2 (patch)
tree	cbce1f670bfa76d7332beb823579775728394093 /personal_infra/puppet/modules/freeswitch
parent	6868ba7f265e3f86bd31cb60b1299179e5175752 (diff)