diff --git a/machines/nixos/compute01/_configuration.nix b/machines/nixos/compute01/_configuration.nix index c252089..f456e0b 100644 --- a/machines/nixos/compute01/_configuration.nix +++ b/machines/nixos/compute01/_configuration.nix @@ -25,6 +25,7 @@ lib.extra.mkConfig { "kanidm" "librenms" "mastodon" + # "netbox" "nextcloud" "ollama-proxy" "outline" diff --git a/machines/nixos/compute01/kanidm/default.nix b/machines/nixos/compute01/kanidm/default.nix index 228cd76..a9ec827 100644 --- a/machines/nixos/compute01/kanidm/default.nix +++ b/machines/nixos/compute01/kanidm/default.nix @@ -144,7 +144,10 @@ in displayName = "Netbox [Inventory]"; enableLegacyCrypto = true; originLanding = "https://netbox.dgnum.eu"; - originUrl = "https://netbox.dgnum.eu/oauth/complete/oidc/"; + originUrl = [ + "https://netbox.dgnum.eu/oauth/complete/oidc/" + "https://netbox-v2.dgnum.eu/oauth/complete/oidc/" + ]; preferShortUsername = true; scopeMaps.grp_active = [ diff --git a/machines/nixos/compute01/netbox.nix b/machines/nixos/compute01/netbox.nix new file mode 100644 index 0000000..50b358d --- /dev/null +++ b/machines/nixos/compute01/netbox.nix 
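Review bot: The second `originUrl` entry registers `https://netbox-v2.dgnum.eu/oauth/complete/oidc/` as an accepted redirect target for the existing Netbox client, while the `_configuration.nix` hunk adds `"netbox"` only as a commented-out entry. As far as this diff shows, nothing on compute01 serves that host yet. A redirect URI for a host that is not serving the application is better landed together with the service, or at least marked as temporary, for example with `# netbox-v2: migration target, remove the old URL after cutover` above the list (wording to match the actual plan). The commented-out `# "netbox"` line also deserves a short reason next to it, so the next reader knows whether it is waiting on the secret, DNS or the data migration. The enclosing attribute set starts and ends outside the hunk.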
@@ -0,0 +1,74 @@
+# SPDX-FileCopyrightText: 2024 Maurice Debray
+#
+# SPDX-License-Identifier: EUPL-1.2
+
+{
+ config,
+ lib,
+ nixpkgs,
+ ...
+}:
+
+let
+ EnvironmentFile = [ config.age.secrets."netbox-environment_file".path ];
+in
+
+{
+ services = {
+ netbox = {
+ enable = true;
+ package = nixpkgs.nixos.unstable.netbox_4_1;
+ secretKeyFile = "/dev/null";
+ listenAddress = "127.0.0.1";
+ plugins = p: [ p.netbox-qrcode ];
+ settings = {
+ ALLOWED_HOSTS = [ "netbox-v2.dgnum.eu" ];
+ REMOTE_AUTH_BACKEND = "social_core.backends.open_id_connect.OpenIdConnectAuth";
+ PLUGINS = [ "netbox_qrcode" ];
+ PLUGINS_CONFIG = {
+ netbox_qrcode = {
+ custom_text = "DGNum. contact@dgnum.eu";
+ font = "Tahoma";
+ };
+ };
+ };
+
+ extraConfig = lib.mkForce ''
+ from os import environ as env
+
+ SECRET_KEY = env["SECRET_KEY"]
+
+ SOCIAL_AUTH_OIDC_OIDC_ENDPOINT = env["NETBOX_OIDC_URL"]
+ SOCIAL_AUTH_OIDC_KEY = env["NETBOX_OIDC_KEY"]
+ SOCIAL_AUTH_OIDC_SECRET = env["NETBOX_OIDC_SECRET"]
+ '';
+ };
+ };
+
+ systemd.services = {
+ netbox.serviceConfig = {
+ inherit EnvironmentFile;
+
+ TimeoutStartSec = 600;
+ };
+
+ netbox-housekeeping.serviceConfig = {
+ inherit EnvironmentFile;
+ };
+
+ netbox-rq.serviceConfig = {
+ inherit EnvironmentFile;
+ };
+ };
+
+ users.users.nginx.extraGroups = [ "netbox" ];
+
+ dgn-web.simpleProxies.netbox = {
+ inherit (config.services.netbox) port;
+ host = "netbox-v2.dgnum.eu";
+ vhostConfig.locations."/static/".alias = "${config.services.netbox.dataDir}/static/";
+ };
+
+ # dgn-backups.jobs.netbox.settings.paths = [ "/var/lib/netbox" ];
+ # dgn-backups.postgresDatabases = [ "netbox" ];
+}
diff --git a/machines/nixos/compute01/secrets/netbox-environment_file b/machines/nixos/compute01/secrets/netbox-environment_file
new file mode 100644
index 0000000..47b09f6
Binary files /dev/null and b/machines/nixos/compute01/secrets/netbox-environment_file differ
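Review bot: `secretKeyFile = "/dev/null";` combined with the forced `extraConfig` looks like a mistake to anyone who does not know the reason, so it needs a comment. Presumably the `lib.mkForce` replaces the module's own key-loading snippet, leaving the age-encrypted environment file as the only source of `SECRET_KEY`. Something like `# SECRET_KEY comes from the environment file (see extraConfig); secretKeyFile is only a placeholder` above that line would do. The `env["SECRET_KEY"]` and `NETBOX_OIDC_*` lookups raise on a missing variable, and only `netbox`, `netbox-housekeeping` and `netbox-rq` receive the `EnvironmentFile` here. That fails closed, which is right, but it should be confirmed for any management command that loads the same configuration outside those units. Both `dgn-backups` lines are commented out, so once the module is enabled the new instance's database and `/var/lib/netbox` would have no backup job; a short note on when they get switched on would help.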
diff --git a/machines/nixos/compute01/secrets/secrets.nix b/machines/nixos/compute01/secrets/secrets.nix
index 00e0f39..8f9d3e6 100644
--- a/machines/nixos/compute01/secrets/secrets.nix
+++ b/machines/nixos/compute01/secrets/secrets.nix
@@ -22,6 +22,7 @@
 "librenms-environment_file"
 "mastodon-extra_env_file"
 "mastodon-smtp-password"
+ "netbox-environment_file"
 "nextcloud-adminpass_file"
 "nextcloud-s3_secret_file"
 "outline-oidc_client_secret_file"