nixpkgs/nixos/modules/services/monitoring/snmpd.nix


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83

{ pkgs, config, lib, ... }:

let
  cfg = config.services.snmpd;
  configFile = if cfg.configText != "" then
    pkgs.writeText "snmpd.cfg" ''
      ${cfg.configText}
    '' else null;
in {
  options.services.snmpd = {
    enable = lib.mkEnableOption "snmpd";

    package = lib.mkPackageOption pkgs "net-snmp" {};

    listenAddress = lib.mkOption {
      type = lib.types.str;
      default = "0.0.0.0";
      description = lib.mdDoc ''
        The address to listen on for SNMP and AgentX messages.
      '';
      example = "127.0.0.1";
    };

    port = lib.mkOption {
      type = lib.types.port;
      default = 161;
      description = lib.mdDoc ''
        The port to listen on for SNMP and AgentX messages.
      '';
    };

    openFirewall = lib.mkOption {
      type = lib.types.bool;
      default = false;
      description = lib.mdDoc ''
        Open port in firewall for snmpd.
      '';
    };

    configText = lib.mkOption {
      type = lib.types.lines;
      default = "";
      description = lib.mdDoc ''
        The contents of the snmpd.conf. If the {option}`configFile` option
        is set, this value will be ignored.

        Note that the contents of this option will be added to the Nix
        store as world-readable plain text, {option}`configFile` can be used in
        addition to a secret management tool to protect sensitive data.
      '';
    };

    configFile = lib.mkOption {
      type = lib.types.path;
      default = configFile;
      defaultText = lib.literalMD "The value of {option}`configText`.";
      description = lib.mdDoc ''
        Path to the snmpd.conf file. By default, if {option}`configText` is set,
        a config file will be automatically generated.
      '';
    };

  };

  config = lib.mkIf cfg.enable {
    systemd.services."snmpd" = {
      description = "Simple Network Management Protocol (SNMP) daemon.";
      after = [ "network.target" ];
      wantedBy = [ "multi-user.target" ];
      serviceConfig = {
        Type = "simple";
        ExecStart = "${lib.getExe' cfg.package "snmpd"} -f -Lo -c ${cfg.configFile} ${cfg.listenAddress}:${toString cfg.port}";
      };
    };

    networking.firewall.allowedUDPPorts = lib.mkIf cfg.openFirewall [
      cfg.port
    ];
  };

  meta.maintainers = [ lib.maintainers.eliandoran ];

}