From 6524dfc30e10af532f95574a4353b195a3346aa9 Mon Sep 17 00:00:00 2001 From: Jannik Date: Sun, 24 Jul 2022 17:42:43 +0200 Subject: [PATCH] feat(yate): add snmp monitoring --- hosts/yate-dialup/configuration.nix | 2 ++ hosts/yate-dialup/voip.nix | 6 ++++++ hosts/yate/configuration.nix | 2 ++ hosts/yate/voip.nix | 6 ++++++ 4 files changed, 16 insertions(+) diff --git a/hosts/yate-dialup/configuration.nix b/hosts/yate-dialup/configuration.nix index fd6b328..8e603aa 100644 --- a/hosts/yate-dialup/configuration.nix +++ b/hosts/yate-dialup/configuration.nix @@ -40,6 +40,7 @@ enable = true; ruleset = let tcpPorts = lib.concatStringsSep ", " (map toString config.networking.firewall.allowedTCPPorts); + udpPorts = lib.concatStringsSep ", " (map toString config.networking.firewall.allowedUDPPorts); in '' table inet filter { chain input { @@ -55,6 +56,7 @@ tcp dport 22 accept tcp dport { ${tcpPorts} } accept + udp dport { ${udpPorts} } accept ip saddr { 10.42.10.6, 217.10.68.150 } accept ip6 saddr { 2a01:4f8:1c0c:8221::6, 2001:ab7::0/64 } accept diff --git a/hosts/yate-dialup/voip.nix b/hosts/yate-dialup/voip.nix index 1d6a7e4..2b69a1c 100644 --- a/hosts/yate-dialup/voip.nix +++ b/hosts/yate-dialup/voip.nix @@ -15,9 +15,15 @@ ysipchan.general = { ignorevia = "yes"; }; + ysnmpagent = { + general.port = 161; + snmp_v2.ro_community = "yate"; + }; }; }; + networking.firewall.allowedUDPPorts = [ 161 ]; + sops.secrets.sipgate_password = { owner = "yate"; restartUnits = [ "yate.service" ]; diff --git a/hosts/yate/configuration.nix b/hosts/yate/configuration.nix index 5e1f8a6..cae704a 100644 --- a/hosts/yate/configuration.nix +++ b/hosts/yate/configuration.nix @@ -96,6 +96,7 @@ enable = true; ruleset = let tcpPorts = lib.concatStringsSep ", " (map toString config.networking.firewall.allowedTCPPorts); + udpPorts = lib.concatStringsSep ", " (map toString config.networking.firewall.allowedUDPPorts); in '' table inet filter { chain input { @@ -112,6 +113,7 @@ tcp dport 22 accept tcp dport { ${tcpPorts} } accept + udp dport { ${udpPorts} } accept iif {vlan132, vlan133} accept diff --git a/hosts/yate/voip.nix b/hosts/yate/voip.nix index bce76a8..dcc53e4 100644 --- a/hosts/yate/voip.nix +++ b/hosts/yate/voip.nix @@ -70,8 +70,14 @@ # default = "yes"; #}; }; + ysnmpagent = { + general.port = 161; + snmp_v2.ro_community = "yate"; + }; }; + networking.firewall.allowedUDPPorts = [ 161 ]; + environment.systemPackages = with pkgs; [ (writers.makePythonWriter python39 python39.pkgs "/bin/dect_claim" { libraries = [ python39.pkgs.python-yate ]; } (builtins.readFile ./dect_claim.py)) (runCommand "yintro.slin" {} ''