Enables SNMP agent

Add admin
1 changed files with 39 additions and 3 deletions
--- a/system.nix
+++ b/system.nix
@ -16,6 +16,7 @@
    openssh.authorizedKeys.keys = [
      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIK2nkarN0+uSuP5sGwDCb9KRu+FCjO/+da4VypGanPUZ fooker@k-2so"
      "ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAyA8xe6Ej6DpzYSFlyhf3P3QIE1spZAETSa3G/zJ4BjXxO0S4jKsA+Qah6mua2ZIWiRXF6o9JCYsdFKndn1uAzRrHwUk9LCspiI3bsl+EwrBhUbWYnMj2Atp9vMB1SJ6i6RKvDg1YZuvxi4H23MYs3B5a3TBRTlveBxGtZ8Q/YtVDwdW/v1WNAxYe2bz/LFxPNPry6REdGXCuA4cz5s/+ilhRvFQKHbJwC+/SxJIcTY6RAvOFh9wfus2NF0FaEPkwwLLDwxaMOaALwmzGmiBIi/XF3qnSYyPScmEwuq03jmM8qPhJHUHEaxp/cLkjqDWtu+SziEBJ3fu/y/A+vqBS9w== christianpape"
+      "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCyv3iq+CbKCFCVqQuvSZ4A9fcmCUgm3edS56mfboIEYALrygcoL7gCo5nsrSqvNhUnRE//VCBenIlG+5nUP6vm1H9tg6g+uBVwrJduiueXUOhl/TNRxj6+mB0lg3a9mVGdnbY7lw1xg8pgcuaDKBDM0LyFa0alpsfwnUaVidvHnue0XVd0MRI75KAILg8W1y2vyxxacjlogAJwEFLFUUZm8BSDSGioCw48+HOQvyi9CpkxJeu689yIvFSX2KIDj1YXwK9C1qqcHZnMyvylgkmE+Uz8hWLGcODHP1ZuYJwgEdfTM4zGZAPyFYnFBQ59ccNRTZk8JcfeI6P5M12MfeJaAW4ucutQO77HJgbrfAn8xXgqOcQIboVJ3fM2fUIHZ5i9A1n0R32sJbkWkH9qKW9B+d4SxyHAEvh6m+xwM7GjAPsKtTu9+8JJjVDRnh7PjRGPvoAvc6TArM8Q7fjC9XsNMvc8Cx+opDyJNgOQC13goACDjTqHvvX5wLY5MDKQwN8= gepperth@robolab8"
    ];

    packages = with pkgs; [
@ -51,9 +52,44 @@
    settings.PermitRootLogin = "without-password";
  };

-  networking.firewall.allowedTCPPorts = [
-    22
-  ];
+  services.snmpd = {
+    enable = true;
+    package = pkgs.net-snmp.overrideAttrs (old: {
+      patches = old.patches ++ [
+        (pkgs.fetchpatch {
+          name = "modern-linux-compat.patch";
+          url = "https://patch-diff.githubusercontent.com/raw/net-snmp/net-snmp/pull/785.patch";
+          hash = "sha256-ZSF16RacrHddH50inHdmDYnu+fDS5eZd4PgK62s5C4g=";
+        })
+      ];
+    });
+    configText = ''
+        rocommunity public 193.174.29.55/32
+        rocommunity public 127.0.0.1/8
+        rocommunity6 public ::1/64
+
+        com2sec notConfigUser  default       public
+        com2sec6 notConfigUser  default       public
+
+        group   notConfigGroup v1            notConfigUser
+        group   notConfigGroup v2c           notConfigUser
+
+        access  notConfigGroup ""      any       noauth    exact  systemview none  none
+        view    systemview    included   .1.3.6.1.2.1.1
+        view    systemview    included   .1.3.6.1.2.1.25.1.1
+
+        dontLogTCPWrappersConnects yes
+    '';
+  };
+
+  networking.firewall = {
+    allowedTCPPorts = [
+      22 # SSH
+    ];
+    allowedUDPPorts = [
+      161 # SNMP
+    ];
+  };
  
  sops.secrets."root/password" = {
    sopsFile = ./secrets/root.yaml;
Author	SHA1	Message	Date
Dustin Frisch	5e66fbbcf7	Enables SNMP agent	1 month ago
Dustin Frisch	ceb20ad3ce	Add admin	1 month ago