ecoppens/infrastructure
1
0
Fork 0
forked from DGNum/infrastructure
Code Pull requests Activity

feat(web01): Netbox

Browse source
This commit is contained in:
sinavir 2024-02-23 00:57:26 +01:00
parent 74baeed754
commit f778fb131f
11 changed files with 98 additions and 108 deletions
Download patch file Download diff file Expand all files Collapse all files

54
machines/web01/netbox.nix Normal file
View file

@ -0,0 +1,54 @@
{ config, pkgs, sources, lib, ... }:
{
services = {
netbox = {
enable = true;
package = (import sources.nixos-unstable {}).pkgs.netbox_3_7;
secretKeyFile = "/dev/null";
listenAddress = "127.0.0.1";
settings = {
ALLOWED_HOSTS = [ "netbox.dgnum.eu" ];
REMOTE_AUTH_BACKEND = "social_core.backends.open_id_connect.OpenIdConnectAuth";
};
extraConfig = lib.mkForce ''
from os import environ as env
SECRET_KEY = env["SECRET_KEY"]
SOCIAL_AUTH_OIDC_OIDC_ENDPOINT = env["NETBOX_OIDC_URL"]
SOCIAL_AUTH_OIDC_KEY = env["NETBOX_OIDC_KEY"]
SOCIAL_AUTH_OIDC_SECRET = env["NETBOX_OIDC_SECRET"]
'';
};
nginx = {
enable = true;
virtualHosts."netbox.dgnum.eu" = {
enableACME = true;
forceSSL = true;
locations."/".proxyPass = "http://${config.services.netbox.listenAddress}:${builtins.toString config.services.netbox.port}";
locations."/static/".alias = "${config.services.netbox.dataDir}/static/";
};
};
};
systemd.services.netbox.serviceConfig = {
TimeoutStartSec = 600;
EnvironmentFile = config.age.secrets.netbox_env.path;
};
systemd.services.netbox-housekeeping.serviceConfig = {
EnvironmentFile = config.age.secrets.netbox_env.path;
};
systemd.services.netbox-rq.serviceConfig = {
EnvironmentFile = config.age.secrets.netbox_env.path;
};
users.users.nginx.extraGroups = [ "netbox" ];
networking.firewall.allowedTCPPorts = [
443
80
];
}