From 20334be668c2ad0930ac3b8fcbc970489e268fab Mon Sep 17 00:00:00 2001 From: Tom Hubrecht Date: Sat, 1 Mar 2025 16:42:07 +0100 Subject: [PATCH] feat(compute01): Deploy a copy of netbox --- machines/nixos/compute01/_configuration.nix | 1 + machines/nixos/compute01/kanidm/default.nix | 5 +- machines/nixos/compute01/netbox.nix | 74 ++++++++++++++++++ .../compute01/secrets/netbox-environment_file | Bin 0 -> 1713 bytes machines/nixos/compute01/secrets/secrets.nix | 1 + 5 files changed, 80 insertions(+), 1 deletion(-) create mode 100644 machines/nixos/compute01/netbox.nix create mode 100644 machines/nixos/compute01/secrets/netbox-environment_file diff --git a/machines/nixos/compute01/_configuration.nix b/machines/nixos/compute01/_configuration.nix index c252089..f456e0b 100644 --- a/machines/nixos/compute01/_configuration.nix +++ b/machines/nixos/compute01/_configuration.nix @@ -25,6 +25,7 @@ lib.extra.mkConfig { "kanidm" "librenms" "mastodon" + # "netbox" "nextcloud" "ollama-proxy" "outline" diff --git a/machines/nixos/compute01/kanidm/default.nix b/machines/nixos/compute01/kanidm/default.nix index 228cd76..a9ec827 100644 --- a/machines/nixos/compute01/kanidm/default.nix +++ b/machines/nixos/compute01/kanidm/default.nix @@ -144,7 +144,10 @@ in displayName = "Netbox [Inventory]"; enableLegacyCrypto = true; originLanding = "https://netbox.dgnum.eu"; - originUrl = "https://netbox.dgnum.eu/oauth/complete/oidc/"; + originUrl = [ + "https://netbox.dgnum.eu/oauth/complete/oidc/" + "https://netbox-v2.dgnum.eu/oauth/complete/oidc/" + ]; preferShortUsername = true; scopeMaps.grp_active = [ diff --git a/machines/nixos/compute01/netbox.nix b/machines/nixos/compute01/netbox.nix new file mode 100644 index 0000000..50b358d --- /dev/null +++ b/machines/nixos/compute01/netbox.nix 
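Review bot: In kanidm/default.nix the new `originUrl` list adds the netbox-v2 callback to the existing "Netbox [Inventory]" client instead of defining a separate client, so both instances presumably share one client id and secret (netbox.nix reads them from `NETBOX_OIDC_KEY` / `NETBOX_OIDC_SECRET`). With a shared client the copy cannot be rotated or revoked on its own, and the secret lives in one more environment file; a dedicated OAuth2 client for netbox-v2 would keep the two apart. If sharing is intended only for a migration window, a comment on the second entry such as `# temporary: remove once netbox-v2 replaces netbox` would record that. Note also that `# "netbox"` in _configuration.nix is added commented out, so the redirect URI appears to be registered before the service is enabled on this host. The client definition starts and ends outside the hunk.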
@@ -0,0 +1,74 @@
+# SPDX-FileCopyrightText: 2024 Maurice Debray
+#
+# SPDX-License-Identifier: EUPL-1.2
+
+{
+ config,
+ lib,
+ nixpkgs,
+ ...
+}:
+
+let
+ EnvironmentFile = [ config.age.secrets."netbox-environment_file".path ];
+in
+
+{
+ services = {
+ netbox = {
+ enable = true;
+ package = nixpkgs.nixos.unstable.netbox_4_1;
+ secretKeyFile = "/dev/null";
+ listenAddress = "127.0.0.1";
+ plugins = p: [ p.netbox-qrcode ];
+ settings = {
+ ALLOWED_HOSTS = [ "netbox-v2.dgnum.eu" ];
+ REMOTE_AUTH_BACKEND = "social_core.backends.open_id_connect.OpenIdConnectAuth";
+ PLUGINS = [ "netbox_qrcode" ];
+ PLUGINS_CONFIG = {
+ netbox_qrcode = {
+ custom_text = "DGNum. contact@dgnum.eu";
+ font = "Tahoma";
+ };
+ };
+ };
+
+ extraConfig = lib.mkForce ''
+ from os import environ as env
+
+ SECRET_KEY = env["SECRET_KEY"]
+
+ SOCIAL_AUTH_OIDC_OIDC_ENDPOINT = env["NETBOX_OIDC_URL"]
+ SOCIAL_AUTH_OIDC_KEY = env["NETBOX_OIDC_KEY"]
+ SOCIAL_AUTH_OIDC_SECRET = env["NETBOX_OIDC_SECRET"]
+ '';
+ };
+ };
+
+ systemd.services = {
+ netbox.serviceConfig = {
+ inherit EnvironmentFile;
+
+ TimeoutStartSec = 600;
+ };
+
+ netbox-housekeeping.serviceConfig = {
+ inherit EnvironmentFile;
+ };
+
+ netbox-rq.serviceConfig = {
+ inherit EnvironmentFile;
+ };
+ };
+
+ users.users.nginx.extraGroups = [ "netbox" ];
+
+ dgn-web.simpleProxies.netbox = {
+ inherit (config.services.netbox) port;
+ host = "netbox-v2.dgnum.eu";
+ vhostConfig.locations."/static/".alias = "${config.services.netbox.dataDir}/static/";
+ };
+
+ # dgn-backups.jobs.netbox.settings.paths = [ "/var/lib/netbox" ];
+ # dgn-backups.postgresDatabases = [ "netbox" ];
+}
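Review bot: `secretKeyFile = "/dev/null";` together with the `lib.mkForce` on `extraConfig` is an undocumented override: the secret key and the OIDC client credentials now reach NetBox only through the agenix environment file, and nothing in the file says so. A comment above `secretKeyFile` such as `# Unused: SECRET_KEY and the OIDC credentials are read from the agenix EnvironmentFile in extraConfig below` would keep someone from pointing the option at a real path later. The `env[...]` lookups fail closed with a KeyError when a variable is missing, which is the right behaviour, but it means every process that loads this configuration needs the `EnvironmentFile`; only `netbox`, `netbox-housekeeping` and `netbox-rq` get it here, so it is worth confirming that no other unit or management wrapper from the module imports the settings. The two `dgn-backups` lines are left commented out, so as written this instance's data directory and database are presumably not backed up, and a short comment saying whether that is intentional for the copy would help.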
diff --git a/machines/nixos/compute01/secrets/netbox-environment_file b/machines/nixos/compute01/secrets/netbox-environment_file new file mode 100644 index 0000000000000000000000000000000000000000..47b09f65b9cacbdc62b7dc9c1c927a84021f39d0 GIT binary patch literal 1713 zcmZY8&+FuN9mjE%MN4!ky(m2hqpYCB?On;<)b=2&wc7=;;Pz51rDCZEwLL6ItxClrYAyAm+l8)J5G=x8wtvBcH_!LW z4*U~8cguEHMce%RwhWMCA38bh?f2n{?_tAXpX$Y;v6+v1yLDv_kh+aSA>AS3$ej{d zHD(5caGY?wF-cJ7I18!(jZkPrupMnwk>HGw#v7>%B0lz`JW1v?Hd&3;?J6Eh6{-91 z_)ZO^8cl)Tq?8q8LL3nw(YpZ7?M$=w1>XhfmO}|JY#oB!9TQH{6Ud0yb+|7Ufpf@g zwipsjBz4|emesYmYQ~O8eVb zl5u%O0kd$|-C(fBA*!!diwrpNn4IYu1q-cGwYk;pw)HF-NGRTTESp$?#gn(Sa&PyN za?Qv9vYP`7%c+1+{h_*4c6l-**jekzjHq{dxOPc>I|B#X~L^YOf3hsM{ev20e#j_S7RcETEJyENy{ie2FzZ>z+p zkI*8dsYHBesZCh13&9#PQK^pl0NWH{CW{p| zb4RzGZ6tG&3=Zy6j5^zLLeg`B6nUp51&fS?%WU|)Q z_bO;KRrAUjUYmDn65kNBpl9r(Ly1Y#g8{NIZ)6ZiVppIZLDvnrBcqXcIJDeoMq&ws z;aN$n71I@P&zy#9b0j)L4%6VMoke4rm!xo~qz;nD_??=wjN>Ti4G|>ibeyMzS(GiP zDGOWFl4*vrlq8Jbx5zyPl5LU-3l?$_KQwthMa#?#cN5H5FzZUEmIA{%flJo{y`NK4 z6KmCX-BwKsNeg;#M4M3nQ;T`whx3u$cuZ*4t*7t;sR_9nWP#LdV>quBXl>?&%Wc}R zMSGPi(Da6&tIn@&C-WP#MhZ8OopG_J{uJI+jt%>aykg@Cb6W z;nqiJ7$lVtVU+G>*1_{E!8nGZZ{Tj<1XH0)(A4u;K7dY6PI`0Q<}9*X`OA)W`nx2Q zg|1{-4@Vkga!dwFp$C1w!FMSRoqg4={MdH?L7w2Di?)vJ#+OyC9 z{K41H37`D@SO0qL&ClF4Zawu6=3@BdH$GiH(p~!5*Y9SZJ^dE