From 5e66fbbcf7a6b44616a55695125b517caebe6cdb Mon Sep 17 00:00:00 2001
From: Dustin Frisch <fooker@lab.sh>
Date: Tue, 29 Oct 2024 12:18:12 +0100
Subject: [PATCH] Enables SNMP agent

---
 system.nix | 41 ++++++++++++++++++++++++++++++++++++++---
 1 file changed, 38 insertions(+), 3 deletions(-)

diff --git a/system.nix b/system.nix
index cc5563d..fcaeb57 100644
--- a/system.nix
+++ b/system.nix
@@ -52,9 +52,44 @@
     settings.PermitRootLogin = "without-password";
   };
 
-  networking.firewall.allowedTCPPorts = [
-    22
-  ];
+  services.snmpd = {
+    enable = true;
+    package = pkgs.net-snmp.overrideAttrs (old: {
+      patches = old.patches ++ [
+        (pkgs.fetchpatch {
+          name = "modern-linux-compat.patch";
+          url = "https://patch-diff.githubusercontent.com/raw/net-snmp/net-snmp/pull/785.patch";
+          hash = "sha256-ZSF16RacrHddH50inHdmDYnu+fDS5eZd4PgK62s5C4g=";
+        })
+      ];
+    });
+    configText = ''
+        rocommunity public 193.174.29.55/32
+        rocommunity public 127.0.0.1/8
+        rocommunity6 public ::1/64
+
+        com2sec notConfigUser  default       public
+        com2sec6 notConfigUser  default       public
+
+        group   notConfigGroup v1            notConfigUser
+        group   notConfigGroup v2c           notConfigUser
+
+        access  notConfigGroup ""      any       noauth    exact  systemview none  none
+        view    systemview    included   .1.3.6.1.2.1.1
+        view    systemview    included   .1.3.6.1.2.1.25.1.1
+
+        dontLogTCPWrappersConnects yes
+    '';
+  };
+
+  networking.firewall = {
+    allowedTCPPorts = [
+      22 # SSH
+    ];
+    allowedUDPPorts = [
+      161 # SNMP
+    ];
+  };
   
   sops.secrets."root/password" = {
     sopsFile = ./secrets/root.yaml;
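Review bot: The `com2sec notConfigUser default public` and `com2sec6 notConfigUser default public` lines map the well-known community `public` from any source address into `notConfigGroup`, so the `systemview` subtree is readable by every host that can reach the agent, not only 193.174.29.55 and loopback as the `rocommunity` lines suggest. Together with `allowedUDPPorts = [ 161 ]`, which opens the port for every source on every interface, this exposes the system group (sysDescr, sysName and so on) over unauthenticated, cleartext SNMP v1/v2c. I would drop the two `default` lines or pin them to the poller, e.g. `com2sec notConfigUser 193.174.29.55/32 public`, and replace the blanket UDP 161 opening with a firewall rule restricted to that source address. The loopback masks also look off: `127.0.0.1/8` and `::1/64` are presumably meant as `127.0.0.0/8` and `::1/128`. The enclosing attribute set starts and ends outside the hunk.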
-- 
GitLab