forked from DGNum/infrastructure
feat(external/netbox): Add OIDC configuration
This commit is contained in:
parent
e91b0c81f1
commit
7007fece7a
4 changed files with 84 additions and 35 deletions
46
external/netbox/default.nix
vendored
46
external/netbox/default.nix
vendored
|
@ -1,28 +1,50 @@
|
|||
{ pkgs, lib, config, ... }:
|
||||
{
|
||||
imports = [
|
||||
./secrets
|
||||
];
|
||||
services.netbox = {
|
||||
{ config, pkgs, ... }: {
|
||||
imports = [ ./secrets ];
|
||||
|
||||
services = {
|
||||
netbox = {
|
||||
enable = true;
|
||||
secretKeyFile = config.age.secrets."netbox".path;
|
||||
listenAddress = "127.0.0.1";
|
||||
settings = {
|
||||
ALLOWED_HOSTS = [ "netbox.dgnum.sinavir.fr" ];
|
||||
REMOTE_AUTH_BACKEND =
|
||||
"social_core.backends.open_id_connect.OpenIdConnectAuth";
|
||||
};
|
||||
|
||||
extraConfig = ''
|
||||
from os import environ as env
|
||||
|
||||
SOCIAL_AUTH_OIDC_OIDC_ENDPOINT = env["NETBOX_OIDC_URL"]
|
||||
SOCIAL_AUTH_OIDC_KEY = env["NETBOX_OIDC_KEY"]
|
||||
SOCIAL_AUTH_OIDC_SECRET = env["NETBOX_OIDC_SECRET"]
|
||||
'';
|
||||
};
|
||||
# my server is slow sorry
|
||||
systemd.services.netbox.serviceConfig.TimeoutStartSec = 600;
|
||||
services.nginx = {
|
||||
|
||||
nginx = {
|
||||
enable = true;
|
||||
virtualHosts."netbox.dgnum.sinavir.fr" = {
|
||||
enableACME = true;
|
||||
forceSSL = true;
|
||||
locations."/".proxyPass = "http://${config.services.netbox.listenAddress}:${builtins.toString config.services.netbox.port}";
|
||||
locations."/static/".alias = "${config.services.netbox.dataDir}/static/";
|
||||
|
||||
locations."/".proxyPass =
|
||||
"http://${config.services.netbox.listenAddress}:${
|
||||
builtins.toString config.services.netbox.port
|
||||
}";
|
||||
locations."/static/".alias =
|
||||
"${config.services.netbox.dataDir}/static/";
|
||||
};
|
||||
};
|
||||
|
||||
postgresql.package = pkgs.postgresql_14;
|
||||
};
|
||||
|
||||
# my server is slow sorry
|
||||
systemd.services.netbox.serviceConfig = {
|
||||
TimeoutStartSec = 600;
|
||||
EnvironmentFile = config.age.secrets."netbox_env".path;
|
||||
};
|
||||
|
||||
users.users.nginx.extraGroups = [ "netbox" ];
|
||||
networking.firewall.allowedTCPPorts = [ 443 80 ];
|
||||
services.postgresql.package = pkgs.postgresql_14;
|
||||
}
|
||||
|
|
8
external/netbox/secrets/default.nix
vendored
8
external/netbox/secrets/default.nix
vendored
|
@ -1,14 +1,10 @@
|
|||
{
|
||||
pkgs,
|
||||
config,
|
||||
lib,
|
||||
...
|
||||
}: {
|
||||
_: {
|
||||
age.secrets = {
|
||||
"netbox" = {
|
||||
file = ./netbox.age;
|
||||
group = "netbox";
|
||||
owner = "netbox";
|
||||
};
|
||||
"netbox_env".file = ./netbox_env.age;
|
||||
};
|
||||
}
|
||||
|
|
31
external/netbox/secrets/netbox_env.age
vendored
Normal file
31
external/netbox/secrets/netbox_env.age
vendored
Normal file
|
@ -0,0 +1,31 @@
|
|||
age-encryption.org/v1
|
||||
-> ssh-ed25519 6J6ApA uOgCmOqPlLdETLFaMMPKIjbp6d41T0gtX0X0hGJDElA
|
||||
cBHPVEsfBpEEzHN7ryG7TF7VYt4ft0tO20UOfM1+J5E
|
||||
-> ssh-ed25519 JGx7Ng IEeY5TQO0glsTZSsrPS9TlMnz5f1okeWlut640ahAio
|
||||
AYVWLcPETYKJAYxlUpFpQcPSsIffDIX9+9seqONrCFc
|
||||
-> ssh-ed25519 Ih+Lhw UDpkkIBQKwPMKlby2KdPOauvW9fZdVzvpLy6PB55aCI
|
||||
YvuwrcEHiPVdg7qIzR+y86mSQSbMezbfXvWa8krucP0
|
||||
-> ssh-ed25519 jIXfPA j7tG5njdpep2XrlFieR/DxhDdzAixDG++erR3KC6fQI
|
||||
h4BM2WgwJ0CZG5/XM50V086YF4UGJcmBiOmxsIyf190
|
||||
-> ssh-ed25519 QlRB9Q vfE9b1Yo8zr+eUPGrWfl2T3rIlD2j0QweDXSI7wu1TU
|
||||
Uupo2QK0dbjE9UEt6A/6nxQViW1LvqhDU5lX+hOYX2o
|
||||
-> ssh-ed25519 r+nK/Q zj475ZsZBzPjfOzqyyylvpG0J00ZiE8NWL+rvhURRWk
|
||||
ZSpCLcgfm3X2+KIllRVUVZamn3JZrlUOR/Nahk5sBUA
|
||||
-> ssh-rsa krWCLQ
|
||||
Uij+BTfVAjkGIKQ3qSL+E5YGJfZ6nMB/Kw3IWwZD1QGih6CO3+oooGR1DOqAJv0O
|
||||
o2H9v3AbAr0qnaYjK0Gjw/2+6uSu5SDt75p1ocMvLu8gwM1Br+T/7uSuIw7wLgPz
|
||||
IinUGDPTFhjR7X7x16IxgXWGMowCa6K/285ztY8v0v9s22uNrrjNEGEiJ/qn41DX
|
||||
8hpOmRpxiq5xOG1fsWQYsSW+ZmobBWfJJXzM0iknQL+GniRZd/ySjWr84HcMjDns
|
||||
8CcTgeo6gVstQITekvMS3jkixmszJhFJR8WMS9b/bunDIGrxj3cUEObRAzlU48Jd
|
||||
dAzOQ+kjzqMwnXbNexq54w
|
||||
-> ssh-ed25519 /vwQcQ kYZUqgKfoKSAaaJal1bl521wUkrZXR/12+U9Fuff4m8
|
||||
4foVQpY3UGsUz1jQFQF+5Es3ui0+QsRVRFgxEmmcws4
|
||||
-> ssh-ed25519 0R97PA rW9FfcNNRzvCF7p8KOLjJnKZN0dOdJ1nANzaA1vEzw0
|
||||
yd1gOIEucTCXsciTtB3VPjdlJvrqv/SKuQwtNKVhGs0
|
||||
-> ssh-ed25519 JGx7Ng KdsKUOQ+6VcZyxT63RoPpJyK8qg1xkVz8NuPDJUauQs
|
||||
MSwBdYg/wGrvylPoIy+UVjiIyVfqbyuliIEVuk+B7cQ
|
||||
-> Ko+-grease
|
||||
xF0g4xMUtgeLzmHbpdZM/cKiQ1yXVpcgLXhpd4czuP4Mv0YDZPnE5//nFsh2N9M2
|
||||
ugEnZvPls1cMoKMh6DoM
|
||||
--- VzbmV+CoC0fLoX3FKJqQqbde/H5E77JhGDcedYKbk+g
|
||||
„ï+m|L™å¬åŽ<C3A5>¬.·H£±2”®_©R~uév]¢OmR`ÿ&é˜d-Á¨äHñ8“ˆOð s,ÒpRéeÓš¿ö ®Åh¹t¤Kx=Y¼ÖêÒ×è·Ìdâ`±FADñŒLÐqJo Ÿ›”¶Ð¯>ž:9`9|3cëÆ…’™<îGð$É)}©€?;-$öb•º<16>!Éþ.÷¦†—³{¶Cï¡´0¿ )äk&¹úr<šöâf¥³
|
14
external/netbox/secrets/secrets.nix
vendored
14
external/netbox/secrets/secrets.nix
vendored
|
@ -4,12 +4,12 @@ let
|
|||
inherit ((import sources.nixpkgs { })) lib;
|
||||
nix-lib = import ../../../lib { };
|
||||
|
||||
groups = (import ../../../meta).members.groups;
|
||||
inherit ((import ../../../meta).members) groups;
|
||||
|
||||
publicKeys = lib.splitString "\n"
|
||||
(builtins.readFile (./maurice.keys)) # maurice servers' keys
|
||||
++ nix-lib.getAllKeys (groups.netbox ++ groups.root);
|
||||
in {
|
||||
"netbox.age".publicKeys =
|
||||
lib.splitString "\n" (builtins.readFile (./maurice.keys)) # maurice servers' keys
|
||||
++ nix-lib.getAllKeys (
|
||||
groups.netbox ++
|
||||
groups.root
|
||||
);
|
||||
"netbox.age" = { inherit publicKeys; };
|
||||
"netbox_env.age" = { inherit publicKeys; };
|
||||
}
|
||||
|
|
Loading…
Reference in a new issue