feat(yate): add snmp monitoring

2022-07-24 17:42:43 +02:00
parent d7c5c4c0f6
commit 6524dfc30e
4 changed files with 16 additions and 0 deletions
--- a/hosts/yate-dialup/configuration.nix
+++ b/hosts/yate-dialup/configuration.nix
@@ -40,6 +40,7 @@
    enable = true;
    ruleset = let
        tcpPorts = lib.concatStringsSep ", " (map toString config.networking.firewall.allowedTCPPorts);
+        udpPorts = lib.concatStringsSep ", " (map toString config.networking.firewall.allowedUDPPorts);
    in ''
      table inet filter {
        chain input {
@@ -55,6 +56,7 @@

          tcp dport 22 accept
          tcp dport { ${tcpPorts} } accept
+          udp dport { ${udpPorts} } accept

          ip saddr { 10.42.10.6, 217.10.68.150 } accept
          ip6 saddr { 2a01:4f8:1c0c:8221::6, 2001:ab7::0/64 } accept
--- a/hosts/yate-dialup/voip.nix
+++ b/hosts/yate-dialup/voip.nix
@@ -15,9 +15,15 @@
      ysipchan.general = {
        ignorevia = "yes";
      };
+      ysnmpagent = {
+        general.port = 161;
+        snmp_v2.ro_community = "yate";
+      };
    };
  };

+  networking.firewall.allowedUDPPorts = [ 161 ];
+
  sops.secrets.sipgate_password = {
    owner = "yate";
    restartUnits = [ "yate.service" ];