From 22e87649580d1a4329958eff41a83f3f86886156 Mon Sep 17 00:00:00 2001
From: Tom Hughes <tom@compton.nu>
Date: Mon, 22 Jun 2020 20:55:09 +0100
Subject: [PATCH] Update SNMP configuration for lyonix

---
 cookbooks/snmpd/recipes/default.rb            | 24 +++++++++++++++++++
 .../snmpd/templates/default/snmpd.conf.erb    |  5 +++-
 roles/lyonix.rb                               |  3 ++-
 3 files changed, 30 insertions(+), 2 deletions(-)

diff --git a/cookbooks/snmpd/recipes/default.rb b/cookbooks/snmpd/recipes/default.rb
index ccafc831c..10353914c 100644
--- a/cookbooks/snmpd/recipes/default.rb
+++ b/cookbooks/snmpd/recipes/default.rb
@@ -60,3 +60,27 @@ else
     source_ports "1024:"
   end
 end
+
+if node[:snmpd][:clients6]
+  node[:snmpd][:clients6].each do |address|
+    firewall_rule "accept-snmp" do
+      action :accept
+      family "inet6"
+      source "net:#{address}"
+      dest "fw"
+      proto "udp"
+      dest_ports "snmp"
+      source_ports "1024:"
+    end
+  end
+else
+  firewall_rule "accept-snmp" do
+    action :accept
+    family "inet6"
+    source "net"
+    dest "fw"
+    proto "udp"
+    dest_ports "snmp"
+    source_ports "1024:"
+  end
+end
diff --git a/cookbooks/snmpd/templates/default/snmpd.conf.erb b/cookbooks/snmpd/templates/default/snmpd.conf.erb
index 9239fbd30..e47f2e03f 100644
--- a/cookbooks/snmpd/templates/default/snmpd.conf.erb
+++ b/cookbooks/snmpd/templates/default/snmpd.conf.erb
@@ -1,6 +1,9 @@
 # DO NOT EDIT - This file is being maintained by Chef
 
-rocommunity     <%= @communities[node[:snmpd][:community]] %>
+<% @communities[node[:snmpd][:community]].each do |community| -%>  
+rocommunity     <%= community %>
+rocommunity6    <%= community %>
+<% end -%>
 syslocation     <%= node[:snmpd][:location] %>
 <% if node[:snmpd][:contact] -%>
 syscontact      <%= node[:snmpd][:contact] %>
diff --git a/roles/lyonix.rb b/roles/lyonix.rb
index faf838dac..715f6a848 100644
--- a/roles/lyonix.rb
+++ b/roles/lyonix.rb
@@ -8,7 +8,8 @@ default_attributes(
     :nameservers => ["77.95.64.205", "77.95.64.206", "8.8.8.8", "8.8.4.4"]
   },
   :snmpd => {
-    :clients => ["77.95.64.0/24", "77.95.70.0/24"],
+    :clients => ["77.95.64.0/21"],
+    :clients6 => ["2a03:9180::/32", "2001:7f8:47::/48"],
     :community => "lyonix",
     :location => "LYON",
     :contact => "noc@lyonix.net"
-- 
2.39.5