forked from DGNum/infrastructure
feat(external/netbox): Add OIDC configuration
This commit is contained in:
parent
e91b0c81f1
commit
7007fece7a
4 changed files with 84 additions and 35 deletions
46
external/netbox/default.nix
vendored
46
external/netbox/default.nix
vendored
|
@ -1,28 +1,50 @@
|
||||||
{ pkgs, lib, config, ... }:
|
{ config, pkgs, ... }: {
|
||||||
{
|
imports = [ ./secrets ];
|
||||||
imports = [
|
|
||||||
./secrets
|
services = {
|
||||||
];
|
netbox = {
|
||||||
services.netbox = {
|
|
||||||
enable = true;
|
enable = true;
|
||||||
secretKeyFile = config.age.secrets."netbox".path;
|
secretKeyFile = config.age.secrets."netbox".path;
|
||||||
listenAddress = "127.0.0.1";
|
listenAddress = "127.0.0.1";
|
||||||
settings = {
|
settings = {
|
||||||
ALLOWED_HOSTS = [ "netbox.dgnum.sinavir.fr" ];
|
ALLOWED_HOSTS = [ "netbox.dgnum.sinavir.fr" ];
|
||||||
|
REMOTE_AUTH_BACKEND =
|
||||||
|
"social_core.backends.open_id_connect.OpenIdConnectAuth";
|
||||||
};
|
};
|
||||||
|
|
||||||
|
extraConfig = ''
|
||||||
|
from os import environ as env
|
||||||
|
|
||||||
|
SOCIAL_AUTH_OIDC_OIDC_ENDPOINT = env["NETBOX_OIDC_URL"]
|
||||||
|
SOCIAL_AUTH_OIDC_KEY = env["NETBOX_OIDC_KEY"]
|
||||||
|
SOCIAL_AUTH_OIDC_SECRET = env["NETBOX_OIDC_SECRET"]
|
||||||
|
'';
|
||||||
};
|
};
|
||||||
# my server is slow sorry
|
|
||||||
systemd.services.netbox.serviceConfig.TimeoutStartSec = 600;
|
nginx = {
|
||||||
services.nginx = {
|
|
||||||
enable = true;
|
enable = true;
|
||||||
virtualHosts."netbox.dgnum.sinavir.fr" = {
|
virtualHosts."netbox.dgnum.sinavir.fr" = {
|
||||||
enableACME = true;
|
enableACME = true;
|
||||||
forceSSL = true;
|
forceSSL = true;
|
||||||
locations."/".proxyPass = "http://${config.services.netbox.listenAddress}:${builtins.toString config.services.netbox.port}";
|
|
||||||
locations."/static/".alias = "${config.services.netbox.dataDir}/static/";
|
locations."/".proxyPass =
|
||||||
|
"http://${config.services.netbox.listenAddress}:${
|
||||||
|
builtins.toString config.services.netbox.port
|
||||||
|
}";
|
||||||
|
locations."/static/".alias =
|
||||||
|
"${config.services.netbox.dataDir}/static/";
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
|
postgresql.package = pkgs.postgresql_14;
|
||||||
|
};
|
||||||
|
|
||||||
|
# my server is slow sorry
|
||||||
|
systemd.services.netbox.serviceConfig = {
|
||||||
|
TimeoutStartSec = 600;
|
||||||
|
EnvironmentFile = config.age.secrets."netbox_env".path;
|
||||||
|
};
|
||||||
|
|
||||||
users.users.nginx.extraGroups = [ "netbox" ];
|
users.users.nginx.extraGroups = [ "netbox" ];
|
||||||
networking.firewall.allowedTCPPorts = [ 443 80 ];
|
networking.firewall.allowedTCPPorts = [ 443 80 ];
|
||||||
services.postgresql.package = pkgs.postgresql_14;
|
|
||||||
}
|
}
|
||||||
|
|
8
external/netbox/secrets/default.nix
vendored
8
external/netbox/secrets/default.nix
vendored
|
@ -1,14 +1,10 @@
|
||||||
{
|
_: {
|
||||||
pkgs,
|
|
||||||
config,
|
|
||||||
lib,
|
|
||||||
...
|
|
||||||
}: {
|
|
||||||
age.secrets = {
|
age.secrets = {
|
||||||
"netbox" = {
|
"netbox" = {
|
||||||
file = ./netbox.age;
|
file = ./netbox.age;
|
||||||
group = "netbox";
|
group = "netbox";
|
||||||
owner = "netbox";
|
owner = "netbox";
|
||||||
};
|
};
|
||||||
|
"netbox_env".file = ./netbox_env.age;
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
|
31
external/netbox/secrets/netbox_env.age
vendored
Normal file
31
external/netbox/secrets/netbox_env.age
vendored
Normal file
|
@ -0,0 +1,31 @@
|
||||||
|
age-encryption.org/v1
|
||||||
|
-> ssh-ed25519 6J6ApA uOgCmOqPlLdETLFaMMPKIjbp6d41T0gtX0X0hGJDElA
|
||||||
|
cBHPVEsfBpEEzHN7ryG7TF7VYt4ft0tO20UOfM1+J5E
|
||||||
|
-> ssh-ed25519 JGx7Ng IEeY5TQO0glsTZSsrPS9TlMnz5f1okeWlut640ahAio
|
||||||
|
AYVWLcPETYKJAYxlUpFpQcPSsIffDIX9+9seqONrCFc
|
||||||
|
-> ssh-ed25519 Ih+Lhw UDpkkIBQKwPMKlby2KdPOauvW9fZdVzvpLy6PB55aCI
|
||||||
|
YvuwrcEHiPVdg7qIzR+y86mSQSbMezbfXvWa8krucP0
|
||||||
|
-> ssh-ed25519 jIXfPA j7tG5njdpep2XrlFieR/DxhDdzAixDG++erR3KC6fQI
|
||||||
|
h4BM2WgwJ0CZG5/XM50V086YF4UGJcmBiOmxsIyf190
|
||||||
|
-> ssh-ed25519 QlRB9Q vfE9b1Yo8zr+eUPGrWfl2T3rIlD2j0QweDXSI7wu1TU
|
||||||
|
Uupo2QK0dbjE9UEt6A/6nxQViW1LvqhDU5lX+hOYX2o
|
||||||
|
-> ssh-ed25519 r+nK/Q zj475ZsZBzPjfOzqyyylvpG0J00ZiE8NWL+rvhURRWk
|
||||||
|
ZSpCLcgfm3X2+KIllRVUVZamn3JZrlUOR/Nahk5sBUA
|
||||||
|
-> ssh-rsa krWCLQ
|
||||||
|
Uij+BTfVAjkGIKQ3qSL+E5YGJfZ6nMB/Kw3IWwZD1QGih6CO3+oooGR1DOqAJv0O
|
||||||
|
o2H9v3AbAr0qnaYjK0Gjw/2+6uSu5SDt75p1ocMvLu8gwM1Br+T/7uSuIw7wLgPz
|
||||||
|
IinUGDPTFhjR7X7x16IxgXWGMowCa6K/285ztY8v0v9s22uNrrjNEGEiJ/qn41DX
|
||||||
|
8hpOmRpxiq5xOG1fsWQYsSW+ZmobBWfJJXzM0iknQL+GniRZd/ySjWr84HcMjDns
|
||||||
|
8CcTgeo6gVstQITekvMS3jkixmszJhFJR8WMS9b/bunDIGrxj3cUEObRAzlU48Jd
|
||||||
|
dAzOQ+kjzqMwnXbNexq54w
|
||||||
|
-> ssh-ed25519 /vwQcQ kYZUqgKfoKSAaaJal1bl521wUkrZXR/12+U9Fuff4m8
|
||||||
|
4foVQpY3UGsUz1jQFQF+5Es3ui0+QsRVRFgxEmmcws4
|
||||||
|
-> ssh-ed25519 0R97PA rW9FfcNNRzvCF7p8KOLjJnKZN0dOdJ1nANzaA1vEzw0
|
||||||
|
yd1gOIEucTCXsciTtB3VPjdlJvrqv/SKuQwtNKVhGs0
|
||||||
|
-> ssh-ed25519 JGx7Ng KdsKUOQ+6VcZyxT63RoPpJyK8qg1xkVz8NuPDJUauQs
|
||||||
|
MSwBdYg/wGrvylPoIy+UVjiIyVfqbyuliIEVuk+B7cQ
|
||||||
|
-> Ko+-grease
|
||||||
|
xF0g4xMUtgeLzmHbpdZM/cKiQ1yXVpcgLXhpd4czuP4Mv0YDZPnE5//nFsh2N9M2
|
||||||
|
ugEnZvPls1cMoKMh6DoM
|
||||||
|
--- VzbmV+CoC0fLoX3FKJqQqbde/H5E77JhGDcedYKbk+g
|
||||||
|
„ï+m|L™å¬åŽ<C3A5>¬.·H£±2”®_©R~uév]¢OmR`ÿ&é˜d-Á¨äHñ8“ˆOð s,ÒpRéeÓš¿ö ®Åh¹t¤Kx=Y¼ÖêÒ×è·Ìdâ`±FADñŒLÐqJo Ÿ›”¶Ð¯>ž:9`9|3cëÆ…’™<îGð$É)}©€?;-$öb•º<16>!Éþ.÷¦†—³{¶Cï¡´0¿ )äk&¹úr<šöâf¥³
|
14
external/netbox/secrets/secrets.nix
vendored
14
external/netbox/secrets/secrets.nix
vendored
|
@ -4,12 +4,12 @@ let
|
||||||
inherit ((import sources.nixpkgs { })) lib;
|
inherit ((import sources.nixpkgs { })) lib;
|
||||||
nix-lib = import ../../../lib { };
|
nix-lib = import ../../../lib { };
|
||||||
|
|
||||||
groups = (import ../../../meta).members.groups;
|
inherit ((import ../../../meta).members) groups;
|
||||||
|
|
||||||
|
publicKeys = lib.splitString "\n"
|
||||||
|
(builtins.readFile (./maurice.keys)) # maurice servers' keys
|
||||||
|
++ nix-lib.getAllKeys (groups.netbox ++ groups.root);
|
||||||
in {
|
in {
|
||||||
"netbox.age".publicKeys =
|
"netbox.age" = { inherit publicKeys; };
|
||||||
lib.splitString "\n" (builtins.readFile (./maurice.keys)) # maurice servers' keys
|
"netbox_env.age" = { inherit publicKeys; };
|
||||||
++ nix-lib.getAllKeys (
|
|
||||||
groups.netbox ++
|
|
||||||
groups.root
|
|
||||||
);
|
|
||||||
}
|
}
|
||||||
|
|
Loading…
Reference in a new issue