No known key found for this signature in database
GPG Key ID: B4C3BF012D9B26BE
1 changed files with
38 additions and
3 deletions
-
system.nix
|
|
@ -52,9 +52,44 @@ |
|
|
|
settings.PermitRootLogin = "without-password"; |
|
|
|
}; |
|
|
|
|
|
|
|
networking.firewall.allowedTCPPorts = [ |
|
|
|
22 |
|
|
|
services.snmpd = { |
|
|
|
enable = true; |
|
|
|
package = pkgs.net-snmp.overrideAttrs (old: { |
|
|
|
patches = old.patches ++ [ |
|
|
|
(pkgs.fetchpatch { |
|
|
|
name = "modern-linux-compat.patch"; |
|
|
|
url = "https://patch-diff.githubusercontent.com/raw/net-snmp/net-snmp/pull/785.patch"; |
|
|
|
hash = "sha256-ZSF16RacrHddH50inHdmDYnu+fDS5eZd4PgK62s5C4g="; |
|
|
|
}) |
|
|
|
]; |
|
|
|
}); |
|
|
|
configText = '' |
|
|
|
rocommunity public 193.174.29.55/32 |
|
|
|
rocommunity public 127.0.0.1/8 |
|
|
|
rocommunity6 public ::1/64 |
|
|
|
|
|
|
|
com2sec notConfigUser default public |
|
|
|
com2sec6 notConfigUser default public |
|
|
|
|
|
|
|
group notConfigGroup v1 notConfigUser |
|
|
|
group notConfigGroup v2c notConfigUser |
|
|
|
|
|
|
|
access notConfigGroup "" any noauth exact systemview none none |
|
|
|
view systemview included .1.3.6.1.2.1.1 |
|
|
|
view systemview included .1.3.6.1.2.1.25.1.1 |
|
|
|
|
|
|
|
dontLogTCPWrappersConnects yes |
|
|
|
''; |
|
|
|
}; |
|
|
|
|
|
|
|
networking.firewall = { |
|
|
|
allowedTCPPorts = [ |
|
|
|
22 # SSH |
|
|
|
]; |
|
|
|
allowedUDPPorts = [ |
|
|
|
161 # SNMP |
|
|
|
]; |
|
|
|
}; |
|
|
|
|
|
|
|
sops.secrets."root/password" = { |
|
|
|
sopsFile = ./secrets/root.yaml; |
|
|
|