### Autogenerated by snmp.py ###

# non configurable defaults
sysObjectID 1.3.6.1.4.1.44641
sysServices 14
master agentx
agentXPerms 0777 0777
pass .1.3.6.1.2.1.31.1.1.1.18 /opt/vyatta/sbin/if-mib-alias
smuxpeer .1.3.6.1.2.1.83
smuxpeer .1.3.6.1.2.1.157
smuxsocket localhost

# linkUp/Down configure the Event MIB tables to monitor
# the ifTable for network interfaces being taken up or down
# for making internal queries to retrieve any necessary information
iquerySecName {{ vyos_user }}

# Modified from the default linkUpDownNotification
# to include more OIDs and poll more frequently
notificationEvent  linkUpTrap    linkUp   ifIndex ifDescr ifType ifAdminStatus ifOperStatus
notificationEvent  linkDownTrap  linkDown ifIndex ifDescr ifType ifAdminStatus ifOperStatus
monitor  -r 10 -e linkUpTrap   "Generate linkUp" ifOperStatus != 2
monitor  -r 10 -e linkDownTrap "Generate linkDown" ifOperStatus == 2

# Remove all old ifTable entries with the same ifName as newly appeared
# interface (with different ifIndex) - this is the case on e.g. ppp interfaces
interface_replace_old yes

# T4902: exclude container storage from monitoring
ignoreDisk /usr/lib/live/mount/persistence/container

########################
# configurable section #
########################

# Default system description is VyOS version
sysDescr VyOS {{ version }}

{% if description is vyos_defined %}
# Description
SysDescr {{ description }}
{% endif %}

# Listen
{% set options = [] %}
{% if listen_address is vyos_defined %}
{%     for address, address_options in listen_address.items() %}
{%         if address | is_ipv6 %}
{%             set protocol = protocol ~ '6' %}
{%         endif %}
{%         set _ = options.append(protocol ~ ':' ~ address | bracketize_ipv6 ~ ':' ~ address_options.port) %}
{%     endfor %}
{% else %}
{%     set _ = options.append(protocol ~ ':161') %}
{%     set _ = options.append(protocol ~ '6:161') %}
{% endif %}
agentaddress unix:/run/snmpd.socket{{ ',' ~ options | join(',') if options is vyos_defined }}

# SNMP communities
{% if community is vyos_defined %}
{%     for comm, comm_config in community.items() %}
{%         if comm_config.client is vyos_defined %}
{%             for client in comm_config.client %}
{%                 if client | is_ipv4 %}
{{ comm_config.authorization }}community {{ comm }} {{ client }} -V RESTRICTED
{%                 elif client | is_ipv6 %}
{{ comm_config.authorization }}community6 {{ comm }} {{ client }} -V RESTRICTED
{%                 endif %}
{%             endfor %}
{%         endif %}
{%         if comm_config.network is vyos_defined %}
{%             for network in comm_config.network %}
{%                 if network | is_ipv4 %}
{{ comm_config.authorization }}community {{ comm }} {{ network }} -V RESTRICTED
{%                 elif network | is_ipv6 %}
{{ comm_config.authorization }}community6 {{ comm }} {{ network }} -V RESTRICTED
{%                 endif %}
{%             endfor %}
{%         endif %}
{%     endfor %}
{% endif %}

# Default RESTRICTED view
view RESTRICTED    included .1 80
{% if 'ip-route-table' not in oid_enable %}
# ipRouteTable oid: excluded
view RESTRICTED    excluded  .1.3.6.1.2.1.4.21
{% endif %}
{% if 'ip-net-to-media-table' not in oid_enable %}
# ipNetToMediaTable oid: excluded
view RESTRICTED    excluded  .1.3.6.1.2.1.4.22
{% endif %}
{% if 'ip-net-to-physical-phys-address' not in oid_enable %}
# ipNetToPhysicalPhysAddress oid: excluded
view RESTRICTED    excluded  .1.3.6.1.2.1.4.35
{% endif %}
{% if 'ip-forward' not in oid_enable %}
# ipForward oid: excluded
view RESTRICTED    excluded  .1.3.6.1.2.1.4.24
{% endif %}

{% if contact is vyos_defined %}
# system contact information
SysContact {{ contact }}
{% endif %}

{% if location is vyos_defined %}
# system location information
SysLocation {{ location }}
{% endif %}

{% if smux_peer is vyos_defined %}
# additional smux peers
{%     for peer in smux_peer %}
smuxpeer {{ peer }}
{%     endfor %}
{% endif %}

{% if trap_target is vyos_defined %}
# if there is a problem - tell someone!
{%     for trap, trap_config in trap_target.items() %}
trap2sink {{ trap }}:{{ trap_config.port }} {{ trap_config.community }}
{%     endfor %}
{% endif %}

{% if v3 is vyos_defined %}
#
# SNMPv3 stuff goes here
#
{%     if v3.view is vyos_defined %}
# views
{%         for view, view_config in v3.view.items() %}
{%             if view_config.oid is vyos_defined %}
{%                 for oid in view_config.oid %}
view {{ view }} included .{{ oid }}
{%                 endfor %}
{%             endif %}
{%         endfor %}
{%     endif %}

# access
{%     if v3.group is vyos_defined %}
#             context sec.model sec.level match  read    write  notif
{%         for group, group_config in v3.group.items() %}
access {{ group }} "" usm {{ group_config.seclevel }} exact {{ group_config.view }} {{ 'none' if group_config.mode == 'ro' else group_config.view }} none
{%         endfor %}
{%     endif %}

# trap-target
{%     if v3.trap_target is vyos_defined %}
{%         for trap, trap_config in v3.trap_target.items() %}
{%             set options = '' %}
{%             if trap_config.type == 'inform' %}
{%                 set options = options ~ ' -Ci' %}
{%             endif %}
{%             if v3.engineid is vyos_defined %}
{%                 set options = options ~ ' -e "' ~ v3.engineid ~ '"' %}
{%             endif %}
{%             if trap_config.user is vyos_defined %}
{%                 set options = options ~ ' -u ' ~ trap_config.user %}
{%             endif %}
{%             if trap_config.auth.plaintext_password is vyos_defined or trap_config.auth.encrypted_password is vyos_defined %}
{%                 set options = options ~ ' -a ' ~ trap_config.auth.type %}
{%                 if trap_config.auth.plaintext_password is vyos_defined %}
{%                     set options = options ~ ' -A ' ~ trap_config.auth.plaintext_password %}
{%                 elif trap_config.auth.encrypted_password is vyos_defined %}
{%                     set options = options ~ ' -3m ' ~ trap_config.auth.encrypted_password %}
{%                 endif %}
{%                 if trap_config.privacy.plaintext_password is vyos_defined or trap_config.privacy.encrypted_password is vyos_defined %}
{%                     set options = options ~ ' -x ' ~ trap_config.privacy.type %}
{%                     if trap_config.privacy.plaintext_password is vyos_defined %}
{%                         set options = options ~ ' -X ' ~ trap_config.privacy.plaintext_password %}
{%                     elif trap_config.privacy.encrypted_password is vyos_defined %}
{%                         set options = options ~ ' -3M ' ~ trap_config.privacy.encrypted_password %}
{%                     endif %}
{%                     set options = options ~ ' -l authPriv' %}
{%                 else %}
{%                     set options = options ~ ' -l authNoPriv' %}
{%                 endif %}
{%             else %}
{%                 set options = options ~ ' -l noAuthNoPriv' %}
{%             endif %}
trapsess -v 3 {{ options }} {{ trap }}:{{ trap_config.protocol }}:{{ trap_config.port }}
{%         endfor %}
{%     endif %}

# group
{%     if v3.user is vyos_defined %}
{%         for user, user_config in v3.user.items() %}
group {{ user_config.group }} usm {{ user }}
{%         endfor %}
{%     endif %}
{# SNMPv3 end #}
{% endif %}

{% if script_extensions.extension_name is vyos_defined %}
# extension scripts
{%     for script, script_config in script_extensions.extension_name.items() | sort(attribute=script) %}
extend {{ script }} {{ script_config.script }}
{%     endfor %}
{% endif %}