Enables SNMP agent

5e66fbbc · Dustin Michael Frisch · ceb20ad3 · 5e66fbbc
Verified Commit 5e66fbbc authored 5 months ago by Dustin Michael Frisch
--- a/system.nix
+++ b/system.nix
@@ -52,9 +52,44 @@
    settings.PermitRootLogin = "without-password";
  };

-  networking.firewall.allowedTCPPorts = [
-    22
-  ];
+  services.snmpd = {
+    enable = true;
+    package = pkgs.net-snmp.overrideAttrs (old: {
+      patches = old.patches ++ [
+        (pkgs.fetchpatch {
+          name = "modern-linux-compat.patch";
+          url = "https://patch-diff.githubusercontent.com/raw/net-snmp/net-snmp/pull/785.patch";
+          hash = "sha256-ZSF16RacrHddH50inHdmDYnu+fDS5eZd4PgK62s5C4g=";
+        })
+      ];
+    });
+    configText = ''
+        rocommunity public 193.174.29.55/32
+        rocommunity public 127.0.0.1/8
+        rocommunity6 public ::1/64
+
+        com2sec notConfigUser  default       public
+        com2sec6 notConfigUser  default       public
+
+        group   notConfigGroup v1            notConfigUser
+        group   notConfigGroup v2c           notConfigUser
+
+        access  notConfigGroup ""      any       noauth    exact  systemview none  none
+        view    systemview    included   .1.3.6.1.2.1.1
+        view    systemview    included   .1.3.6.1.2.1.25.1.1
+
+        dontLogTCPWrappersConnects yes
+    '';
+  };
+
+  networking.firewall = {
+    allowedTCPPorts = [
+      22 # SSH
+    ];
+    allowedUDPPorts = [
+      161 # SNMP
+    ];
+  };
  
  sops.secrets."root/password" = {
    sopsFile = ./secrets/root.yaml;