feat(external/netbox): Add OIDC configuration

2023-12-17 17:16:53 +01:00 · 2023-12-17 17:16:53 +01:00 · 7007fece7a
commit 7007fece7a
parent e91b0c81f1
4 changed files with 84 additions and 35 deletions
--- a/external/netbox/default.nix
+++ b/external/netbox/default.nix
@ -1,28 +1,50 @@
-{ pkgs, lib, config, ... }:
-{
-  imports = [
-    ./secrets
-  ];
-  services.netbox = {
-    enable = true;
-    secretKeyFile = config.age.secrets."netbox".path;
-    listenAddress = "127.0.0.1";
-    settings = {
-      ALLOWED_HOSTS = [ "netbox.dgnum.sinavir.fr" ];
+{ config, pkgs, ... }: {
+  imports = [ ./secrets ];
+
+  services = {
+    netbox = {
+      enable = true;
+      secretKeyFile = config.age.secrets."netbox".path;
+      listenAddress = "127.0.0.1";
+      settings = {
+        ALLOWED_HOSTS = [ "netbox.dgnum.sinavir.fr" ];
+        REMOTE_AUTH_BACKEND =
+          "social_core.backends.open_id_connect.OpenIdConnectAuth";
+      };
+
+      extraConfig = ''
+        from os import environ as env
+
+        SOCIAL_AUTH_OIDC_OIDC_ENDPOINT = env["NETBOX_OIDC_URL"]
+        SOCIAL_AUTH_OIDC_KEY = env["NETBOX_OIDC_KEY"]
+        SOCIAL_AUTH_OIDC_SECRET = env["NETBOX_OIDC_SECRET"]
+      '';
    };
+
+    nginx = {
+      enable = true;
+      virtualHosts."netbox.dgnum.sinavir.fr" = {
+        enableACME = true;
+        forceSSL = true;
+
+        locations."/".proxyPass =
+          "http://${config.services.netbox.listenAddress}:${
+            builtins.toString config.services.netbox.port
+          }";
+        locations."/static/".alias =
+          "${config.services.netbox.dataDir}/static/";
+      };
+    };
+
+    postgresql.package = pkgs.postgresql_14;
  };
+
  # my server is slow sorry
-  systemd.services.netbox.serviceConfig.TimeoutStartSec = 600;
-  services.nginx = {
-    enable = true;
-    virtualHosts."netbox.dgnum.sinavir.fr" = {
-      enableACME = true;
-      forceSSL = true;
-      locations."/".proxyPass = "http://${config.services.netbox.listenAddress}:${builtins.toString config.services.netbox.port}";
-      locations."/static/".alias = "${config.services.netbox.dataDir}/static/";
-    };
+  systemd.services.netbox.serviceConfig = {
+    TimeoutStartSec = 600;
+    EnvironmentFile = config.age.secrets."netbox_env".path;
  };
-  users.users.nginx.extraGroups = ["netbox"];
+
+  users.users.nginx.extraGroups = [ "netbox" ];
  networking.firewall.allowedTCPPorts = [ 443 80 ];
-  services.postgresql.package = pkgs.postgresql_14;
 }