|
@ -16,6 +16,7 @@ |
|
|
openssh.authorizedKeys.keys = [ |
|
|
openssh.authorizedKeys.keys = [ |
|
|
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIK2nkarN0+uSuP5sGwDCb9KRu+FCjO/+da4VypGanPUZ fooker@k-2so" |
|
|
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIK2nkarN0+uSuP5sGwDCb9KRu+FCjO/+da4VypGanPUZ fooker@k-2so" |
|
|
"ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAyA8xe6Ej6DpzYSFlyhf3P3QIE1spZAETSa3G/zJ4BjXxO0S4jKsA+Qah6mua2ZIWiRXF6o9JCYsdFKndn1uAzRrHwUk9LCspiI3bsl+EwrBhUbWYnMj2Atp9vMB1SJ6i6RKvDg1YZuvxi4H23MYs3B5a3TBRTlveBxGtZ8Q/YtVDwdW/v1WNAxYe2bz/LFxPNPry6REdGXCuA4cz5s/+ilhRvFQKHbJwC+/SxJIcTY6RAvOFh9wfus2NF0FaEPkwwLLDwxaMOaALwmzGmiBIi/XF3qnSYyPScmEwuq03jmM8qPhJHUHEaxp/cLkjqDWtu+SziEBJ3fu/y/A+vqBS9w== christianpape" |
|
|
"ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAyA8xe6Ej6DpzYSFlyhf3P3QIE1spZAETSa3G/zJ4BjXxO0S4jKsA+Qah6mua2ZIWiRXF6o9JCYsdFKndn1uAzRrHwUk9LCspiI3bsl+EwrBhUbWYnMj2Atp9vMB1SJ6i6RKvDg1YZuvxi4H23MYs3B5a3TBRTlveBxGtZ8Q/YtVDwdW/v1WNAxYe2bz/LFxPNPry6REdGXCuA4cz5s/+ilhRvFQKHbJwC+/SxJIcTY6RAvOFh9wfus2NF0FaEPkwwLLDwxaMOaALwmzGmiBIi/XF3qnSYyPScmEwuq03jmM8qPhJHUHEaxp/cLkjqDWtu+SziEBJ3fu/y/A+vqBS9w== christianpape" |
|
|
|
|
|
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCyv3iq+CbKCFCVqQuvSZ4A9fcmCUgm3edS56mfboIEYALrygcoL7gCo5nsrSqvNhUnRE//VCBenIlG+5nUP6vm1H9tg6g+uBVwrJduiueXUOhl/TNRxj6+mB0lg3a9mVGdnbY7lw1xg8pgcuaDKBDM0LyFa0alpsfwnUaVidvHnue0XVd0MRI75KAILg8W1y2vyxxacjlogAJwEFLFUUZm8BSDSGioCw48+HOQvyi9CpkxJeu689yIvFSX2KIDj1YXwK9C1qqcHZnMyvylgkmE+Uz8hWLGcODHP1ZuYJwgEdfTM4zGZAPyFYnFBQ59ccNRTZk8JcfeI6P5M12MfeJaAW4ucutQO77HJgbrfAn8xXgqOcQIboVJ3fM2fUIHZ5i9A1n0R32sJbkWkH9qKW9B+d4SxyHAEvh6m+xwM7GjAPsKtTu9+8JJjVDRnh7PjRGPvoAvc6TArM8Q7fjC9XsNMvc8Cx+opDyJNgOQC13goACDjTqHvvX5wLY5MDKQwN8= gepperth@robolab8" |
|
|
]; |
|
|
]; |
|
|
|
|
|
|
|
|
packages = with pkgs; [ |
|
|
packages = with pkgs; [ |
|
@ -51,9 +52,44 @@ |
|
|
settings.PermitRootLogin = "without-password"; |
|
|
settings.PermitRootLogin = "without-password"; |
|
|
}; |
|
|
}; |
|
|
|
|
|
|
|
|
networking.firewall.allowedTCPPorts = [ |
|
|
services.snmpd = { |
|
|
22 |
|
|
enable = true; |
|
|
|
|
|
package = pkgs.net-snmp.overrideAttrs (old: { |
|
|
|
|
|
patches = old.patches ++ [ |
|
|
|
|
|
(pkgs.fetchpatch { |
|
|
|
|
|
name = "modern-linux-compat.patch"; |
|
|
|
|
|
url = "https://patch-diff.githubusercontent.com/raw/net-snmp/net-snmp/pull/785.patch"; |
|
|
|
|
|
hash = "sha256-ZSF16RacrHddH50inHdmDYnu+fDS5eZd4PgK62s5C4g="; |
|
|
|
|
|
}) |
|
|
|
|
|
]; |
|
|
|
|
|
}); |
|
|
|
|
|
configText = '' |
|
|
|
|
|
rocommunity public 193.174.29.55/32 |
|
|
|
|
|
rocommunity public 127.0.0.1/8 |
|
|
|
|
|
rocommunity6 public ::1/64 |
|
|
|
|
|
|
|
|
|
|
|
com2sec notConfigUser default public |
|
|
|
|
|
com2sec6 notConfigUser default public |
|
|
|
|
|
|
|
|
|
|
|
group notConfigGroup v1 notConfigUser |
|
|
|
|
|
group notConfigGroup v2c notConfigUser |
|
|
|
|
|
|
|
|
|
|
|
access notConfigGroup "" any noauth exact systemview none none |
|
|
|
|
|
view systemview included .1.3.6.1.2.1.1 |
|
|
|
|
|
view systemview included .1.3.6.1.2.1.25.1.1 |
|
|
|
|
|
|
|
|
|
|
|
dontLogTCPWrappersConnects yes |
|
|
|
|
|
''; |
|
|
|
|
|
}; |
|
|
|
|
|
|
|
|
|
|
|
networking.firewall = { |
|
|
|
|
|
allowedTCPPorts = [ |
|
|
|
|
|
22 # SSH |
|
|
]; |
|
|
]; |
|
|
|
|
|
allowedUDPPorts = [ |
|
|
|
|
|
161 # SNMP |
|
|
|
|
|
]; |
|
|
|
|
|
}; |
|
|
|
|
|
|
|
|
sops.secrets."root/password" = { |
|
|
sops.secrets."root/password" = { |
|
|
sopsFile = ./secrets/root.yaml; |
|
|
sopsFile = ./secrets/root.yaml; |
|
|
xxxxxxxxxx