feat(web01): Netbox

sinavir 2024-02-23 00:57:26 +01:00
parent 74baeed754
commit f778fb131f
11 changed files with 98 additions and 108 deletions


@ -1,10 +0,0 @@
_: {
age.secrets = {
"netbox" = {
file = ./netbox.age;
group = "netbox";
owner = "netbox";
};
"netbox_env".file = ./netbox_env.age;
};
}


@ -1,3 +0,0 @@
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAFZvpOfsBhbz9IvBj4akFr48VIuIrzSTP/6xUC0fyyF
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEpwF+XD3HgX64kqD42pcEZRNYAWoO4YNiOm5KO4tH6o maurice@polaris
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMtlR7TN69GgD5q0b+/DXC2aOKiNN8TiempaEZkfngut maurice@sirius


@ -1,32 +0,0 @@
age-encryption.org/v1
-> ssh-ed25519 6J6ApA Rw8khLEeN2Vc0ogKS37PVt8RtkX/AUIPvrEl1Y4o33s
WfbB+OJWjer4p4c5WJ5/wWGTfzaP+ioSVICaWeN7v8Y
-> ssh-ed25519 JGx7Ng XPQNnVJUQnW4m6VRD5IvQLkI7M6ePLnh7I6qVmXkZUI
iDE+Po4QpuesYyyLOx5jGurDBK4PVSqCyjTiLO8tIE4
-> ssh-ed25519 Ih+Lhw opXAdU106hSmF4j9w9QVs1PTtGFYqODit/Jzqnnm9hc
oHW0aA3rR4ix+mp/XpH7ufKC6CDVgwojRAli0Rt0umY
-> ssh-ed25519 jIXfPA UpS2FGuwL08jjS7VtMlWuIKHzpVLDIHLCeDBUyzYaDk
ekm1yEUuoxEsOhtmp0SvBeTCNEXfTlgCaS6i4OsyNkI
-> ssh-ed25519 QlRB9Q sJNeXiglN1YONRXpAknOkG7BCHTVq0eLVX/ulr/zuy8
kZY5j2ilKr1eAxAB4eo8ku/068L8K9MGfywyQiwcGHk
-> ssh-ed25519 r+nK/Q 1AonFSikttoFe4bqaULTcTPWQxwig3VBmkEBSVqAwXg
Y2CZAeaKG+z0Qc2wjkdJC+/TvEe4ZXwwmwg34mF1drI
-> ssh-rsa krWCLQ
YA2SfssUpCkBkQ7eSQw7w9bCou04rvvSItcfYA4md41txuJ9pCKuEdAbPtBbxCBU
UqPyUCor7abyVgsIqmYR5zSCLw5yfZqynwilLC5wx7DMYGWEs0OW1jBEP0Nj6ISD
2zWLilvfiq1LPV1eKWlPUFb+STCha24LybDgNlo4O4a4AttQ5g7YgeFy3EAK4aN5
/NTLn3Yn40WUB9XfiesL9OFiGVF2nPujyCYXBxGOL425cevVkpFpQTOrThKC3RzH
vvkUCpdP8vOd8uEsy5qHxGrJGUwc4clrbLKBg4BZ9jbAPTpFj533aF71/qiJuwMH
mhOZQzDTO3KWHSAM750HAA
-> ssh-ed25519 /vwQcQ L6Tpwg8hsUigry1IL2EbCjh+zR3AmZ8V6bPF8MgFcVs
iy2o3Ci9CmmZ4YwEvIHOOXXJT+UXNQU45faL+ulPFGk
-> ssh-ed25519 0R97PA 0Pjmquwj5A7UkMl1aUYz8AEdGiDA9B402l9B47isXwg
VM1wJWw6I7rDQkRiut2MMugRrYANgBFFAnoMhgPyBvI
-> ssh-ed25519 JGx7Ng gRZY4yXgZiftpgadbg+X9k9qF0wmSDywrk5N2Z1P4DU
el60vd0Kq5Gx0Qm+k9AQNeWvVUUobI4KjMoHkmLzPaM
-> ')tE-grease
7uJeStX+hLwArPoxtFWKhHI/p1uDPpJ2IhdEc0uNhEIbcVfthSkbQCbT7cLwHlKL
LT0tC0FcYsoS/VMu+A
--- PglFR+GxbWtTM1/wHZOz1kF7VaSjgBhJopb01kJQKCk
8á}lh—ž-*uè`¼Àõ-Xºñ
Î ^<5E>Æ<EFBFBD>pýlrÐDy¨}|¾…Úq8Dd‡·Ü›ë²,<2C>l=¢aV<61>8¦y˜tJ0»ä)'eJ·;ÁÉ


@ -1,31 +0,0 @@
age-encryption.org/v1
-> ssh-ed25519 6J6ApA uOgCmOqPlLdETLFaMMPKIjbp6d41T0gtX0X0hGJDElA
cBHPVEsfBpEEzHN7ryG7TF7VYt4ft0tO20UOfM1+J5E
-> ssh-ed25519 JGx7Ng IEeY5TQO0glsTZSsrPS9TlMnz5f1okeWlut640ahAio
AYVWLcPETYKJAYxlUpFpQcPSsIffDIX9+9seqONrCFc
-> ssh-ed25519 Ih+Lhw UDpkkIBQKwPMKlby2KdPOauvW9fZdVzvpLy6PB55aCI
YvuwrcEHiPVdg7qIzR+y86mSQSbMezbfXvWa8krucP0
-> ssh-ed25519 jIXfPA j7tG5njdpep2XrlFieR/DxhDdzAixDG++erR3KC6fQI
h4BM2WgwJ0CZG5/XM50V086YF4UGJcmBiOmxsIyf190
-> ssh-ed25519 QlRB9Q vfE9b1Yo8zr+eUPGrWfl2T3rIlD2j0QweDXSI7wu1TU
Uupo2QK0dbjE9UEt6A/6nxQViW1LvqhDU5lX+hOYX2o
-> ssh-ed25519 r+nK/Q zj475ZsZBzPjfOzqyyylvpG0J00ZiE8NWL+rvhURRWk
ZSpCLcgfm3X2+KIllRVUVZamn3JZrlUOR/Nahk5sBUA
-> ssh-rsa krWCLQ
Uij+BTfVAjkGIKQ3qSL+E5YGJfZ6nMB/Kw3IWwZD1QGih6CO3+oooGR1DOqAJv0O
o2H9v3AbAr0qnaYjK0Gjw/2+6uSu5SDt75p1ocMvLu8gwM1Br+T/7uSuIw7wLgPz
IinUGDPTFhjR7X7x16IxgXWGMowCa6K/285ztY8v0v9s22uNrrjNEGEiJ/qn41DX
8hpOmRpxiq5xOG1fsWQYsSW+ZmobBWfJJXzM0iknQL+GniRZd/ySjWr84HcMjDns
8CcTgeo6gVstQITekvMS3jkixmszJhFJR8WMS9b/bunDIGrxj3cUEObRAzlU48Jd
dAzOQ+kjzqMwnXbNexq54w
-> ssh-ed25519 /vwQcQ kYZUqgKfoKSAaaJal1bl521wUkrZXR/12+U9Fuff4m8
4foVQpY3UGsUz1jQFQF+5Es3ui0+QsRVRFgxEmmcws4
-> ssh-ed25519 0R97PA rW9FfcNNRzvCF7p8KOLjJnKZN0dOdJ1nANzaA1vEzw0
yd1gOIEucTCXsciTtB3VPjdlJvrqv/SKuQwtNKVhGs0
-> ssh-ed25519 JGx7Ng KdsKUOQ+6VcZyxT63RoPpJyK8qg1xkVz8NuPDJUauQs
MSwBdYg/wGrvylPoIy+UVjiIyVfqbyuliIEVuk+B7cQ
-> Ko+-grease
xF0g4xMUtgeLzmHbpdZM/cKiQ1yXVpcgLXhpd4czuP4Mv0YDZPnE5//nFsh2N9M2
ugEnZvPls1cMoKMh6DoM
--- VzbmV+CoC0fLoX3FKJqQqbde/H5E77JhGDcedYKbk+g
„ï +m|L™å¬åŽ<C3A5>¬.·H£±2”®_©R~uév]¢OmR`ÿ&é˜d-Á¨äHñ8“ˆ  s,ÒpRéeÓš¿ö ®Åh¹t¤K x=Y­¼ÖêÒ×è·Ìdâ`±FADñŒLÐqJo Ÿ›”¶Ð¯>ž:9`9|3cëÆ…™<îGð$É)}©€?;-$öb•º<16>þ.÷¦†—³{¶Cï¡´0¿ )äk&¹úr<šöâf¥³


@ -1,20 +0,0 @@
let
sources = import ../../../npins;
inherit ((import sources.nixpkgs { })) lib;
nix-lib = import ../../../lib { };
inherit ((import ../../../meta).members) groups;
publicKeys =
lib.splitString "\n" (builtins.readFile (./maurice.keys)) # maurice servers' keys
++ nix-lib.getAllKeys (groups.netbox ++ groups.root);
in
{
"netbox.age" = {
inherit publicKeys;
};
"netbox_env.age" = {
inherit publicKeys;
};
}


@ -20,6 +20,7 @@ lib.extra.mkConfig {
"static"
"wordpress"
"dolibarr"
"netbox"
];
extraConfig = {


@ -1,20 +1,21 @@
{ config, pkgs, ... }:
{ config, pkgs, sources, lib, ... }:
{
imports = [ ./secrets ];
services = {
netbox = {
enable = true;
secretKeyFile = config.age.secrets."netbox".path;
package = (import sources.nixos-unstable {}).pkgs.netbox_3_7;
secretKeyFile = "/dev/null";
listenAddress = "127.0.0.1";
settings = {
ALLOWED_HOSTS = [ "netbox.dgnum.sinavir.fr" ];
ALLOWED_HOSTS = [ "netbox.dgnum.eu" ];
REMOTE_AUTH_BACKEND = "social_core.backends.open_id_connect.OpenIdConnectAuth";
};
extraConfig = ''
extraConfig = lib.mkForce ''
from os import environ as env
SECRET_KEY = env["SECRET_KEY"]
SOCIAL_AUTH_OIDC_OIDC_ENDPOINT = env["NETBOX_OIDC_URL"]
SOCIAL_AUTH_OIDC_KEY = env["NETBOX_OIDC_KEY"]
SOCIAL_AUTH_OIDC_SECRET = env["NETBOX_OIDC_SECRET"]
@ -23,7 +24,7 @@
nginx = {
enable = true;
virtualHosts."netbox.dgnum.sinavir.fr" = {
virtualHosts."netbox.dgnum.eu" = {
enableACME = true;
forceSSL = true;
@ -31,18 +32,18 @@
locations."/static/".alias = "${config.services.netbox.dataDir}/static/";
};
};
postgresql.package = pkgs.postgresql_14;
};
# my server is slow sorry
systemd.services.netbox.serviceConfig = {
TimeoutStartSec = 600;
EnvironmentFile = config.age.secrets."netbox_env".path;
EnvironmentFile = config.age.secrets.netbox_env.path;
};
systemd.services.netbox-housekeeping.serviceConfig = {
EnvironmentFile = config.age.secrets."netbox_env".path;
EnvironmentFile = config.age.secrets.netbox_env.path;
};
systemd.services.netbox-rq.serviceConfig = {
EnvironmentFile = config.age.secrets.netbox_env.path;
};
users.users.nginx.extraGroups = [ "netbox" ];
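Review bot: `secretKeyFile = "/dev/null";` in the first hunk only makes sense together with `extraConfig = lib.mkForce ''…''`, and neither line says so. A comment such as `# SECRET_KEY comes from the netbox_env EnvironmentFile (see extraConfig); secretKeyFile is only a placeholder` would stop a later cleanup from dropping the `mkForce` and leaving NetBox reading an empty key file. The `mkForce` presumably discards whatever the upstream module puts in `extraConfig` by default, so that default is worth re-checking on every nixpkgs bump. `env["SECRET_KEY"]` fails closed with a KeyError when the variable is missing, which is the behaviour to keep. Which of the doubled lines is old and which is new is inferred from print order on this page.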


@ -0,0 +1,30 @@
age-encryption.org/v1
-> ssh-ed25519 jIXfPA K4nQGkOuyKhZ5MQABKf5rqwmx27l9FO4U/RRE2oWv20
X46HUllM5Vux3Xfk9bOuG3kLGKi7QrJfFDindJk1EnY
-> ssh-ed25519 QlRB9Q b/j/g4cIT/1ZRj4q+ySzpumo6bzusP8/cWST6FlCo2w
odNGXC9xVABjeuK60JCX2vZ9WDz2wIfIxfH/u89oPb0
-> ssh-ed25519 r+nK/Q 93qftDQL3lrmBsoEf8Ii8W3GOYXRe7i1sxBnnB4QfQc
nN9ydmZljxtSjfMSCaOqAZ9yJDZ7NszgFfxIO1AbruM
-> ssh-rsa krWCLQ
m539hM0zvYYZB4gX64dOvbTujaqPVvbwTw/y+ySIiOyBjplZAXH16m9//d7f0uDz
Skh5OntPj1GorVoNEk+Eo+bLPfIAYkJrpjCWLd6FZgNkbHZ7STKCFTcUyg7lz2+r
yc8fFwky9VgtYLFd96EBZV02y2R3z+euP+5Tysdq+yaM/DdOR3bTjRVdlpg7kzCo
eGO25jvj/Mk3m2BJlUl2cOTQAo9e47q7StQhY7xgxG9g2xewhBpwdDbGu9NdrHDu
aDMXBqWrPz1yVx3TAYi+VwUboL9gYY6oFp2XYZnhbxzQuy6Uf2sw34l+E/1QOjBj
aPSTAn62r/bseYmSs9EEvQ
-> ssh-ed25519 /vwQcQ tHXhAZFLaPkl1+wrbCaVcpytQqVOQ1fUEVFCpuNMMjA
wgWF8GB79+1LVsNC1Id7kThjMrj3i98OjbT8rL9TO2A
-> ssh-ed25519 0R97PA F5Q1k+4SKxc5mLSNh/djSzfFPXuG0ritZtpdI0RalGE
RT0E4/Z75+sgUFtuJjuSa6q49/BWpvCikr83OIbTSOw
-> ssh-ed25519 JGx7Ng me7czRBgNgb0I/JLnH2dh6h2Opxn/vy3FcxiaHsBPAo
TfcvYvUgjL/IQLT0iMjVzyMbkUvfXL6yc28V1OKwitU
-> ssh-ed25519 5SY7Kg VWQPzMOckhC6rW5rqN7rOdUlpzaZD1wzY0Z7Enp1sFU
KkIJuPdZFc1EPqr8h696ixWhhXuCAr4CTsCvkxOyQPI
-> ssh-ed25519 p/Mg4Q Cp0oC+3C/EguAAG9OJPUAS1lqFpKchrYFpEm16WDvhI
MBytJhf9lKtlIuYFb0dFu1/oyoleJtIub8kDEm6D2fo
-> ssh-ed25519 0IVRbA ycBqVdH0EqRNZmZ/8aw67PuFI5Gyf6PWwWHTsjH9TXU
YmPbatp5q43yA0T/AFXnrYcJS3z/ECDxnkYg3/FVacQ
--- neVy86qk1IY/DUoofRpOXfK3bwXitHIZYMzs4teIzYI
È@ñÄâ"½ëN<$µ:ÃÒ Jê¾éb¤€rƒ¢â^xO0=gÐQ š€éû¼;Ú@Æ[Ñ|.
|ˆ<>7CÓû¥«RÜ«†ýäIVè5þ§ƒ~m¿ÉzÉ ‹á]|à<>£ÈÛérΣÊ` »“É`?ÄÖpk±n”þRzS<7A>Ÿ Á)ߣYÇ6ÅgmWm˜D÷Õ|2-t¡„ÿB<>isלÚ×ò¨ësr­b÷ux`ìmIFäîÉÔ…Ðkñ 9{Z\e»ýð;âs
uø•Ԟ,üÕU]­êÆgo—`@ø㶙!‰*ó*¾@̉ÁìpM´æ´Q


@ -7,6 +7,7 @@ lib.setDefault { inherit publicKeys; } [
"bupstash-put_key"
"matterbridge-config_file"
"named-bind_dnskeys_conf"
"netbox_env"
"ntfy_sh-environment_file"
"plausible_admin-user-password-file"
"plausible_secret-key-base-file"


@ -1,5 +1,8 @@
{
"nixos-23.11" = [
{ _type = "static";
path = ./netbox.patch;
}
# castopod: 1.6.4 -> 1.7.0 + ajout du support de loadcredentials
{
_type = "static";
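Review bot: The new `./netbox.patch` entry has no comment, while the castopod entry below it is introduced by one describing what the patch does. Adding `# netbox: 3.6.9 -> 3.7.1 (module support for netbox_3_7)` above it keeps the list auditable when patches are later dropped. The entry is also written as `{ _type = "static";` on one line, unlike the following entry, which puts the brace on its own line. The list continues outside the hunk.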

50
patches/netbox.patch Normal file

@ -0,0 +1,50 @@
From 163fed297ed65a24241f190d8e954ce1877f9020 Mon Sep 17 00:00:00 2001
From: Minijackson <minijackson@riseup.net>
Date: Mon, 22 Jan 2024 16:17:57 +0100
Subject: [PATCH] netbox: 3.6.9 -> 3.7.1
Or another way to see it:
netbox_3_7: init at 3.7.1
Make NetBox 3.7 the default version if stateVersion >= 24.05,
switch upgrade test to test upgrade from 3.6 to 3.7,
remove clearcache command for >=3.7.0,
make reindex command mandatory
---
nixos/modules/services/web-apps/netbox.nix | 15 +++++++++------
diff --git a/nixos/modules/services/web-apps/netbox.nix b/nixos/modules/services/web-apps/netbox.nix
index 72ec578146a764..b0921f461d2216 100644
--- a/nixos/modules/services/web-apps/netbox.nix
+++ b/nixos/modules/services/web-apps/netbox.nix
@@ -75,7 +75,9 @@ in {
package = lib.mkOption {
type = lib.types.package;
default =
- if lib.versionAtLeast config.system.stateVersion "23.11"
+ if lib.versionAtLeast config.system.stateVersion "24.05"
+ then pkgs.netbox_3_7
+ else if lib.versionAtLeast config.system.stateVersion "23.11"
then pkgs.netbox_3_6
else if lib.versionAtLeast config.system.stateVersion "23.05"
then pkgs.netbox_3_5
@@ -306,12 +308,13 @@ in {
${pkg}/bin/netbox trace_paths --no-input
${pkg}/bin/netbox collectstatic --no-input
${pkg}/bin/netbox remove_stale_contenttypes --no-input
- # TODO: remove the condition when we remove netbox_3_3
- ${lib.optionalString
- (lib.versionAtLeast cfg.package.version "3.5.0")
- "${pkg}/bin/netbox reindex --lazy"}
+ ${pkg}/bin/netbox reindex --lazy
${pkg}/bin/netbox clearsessions
- ${pkg}/bin/netbox clearcache
+ ${lib.optionalString
+ # The clearcache command was removed in 3.7.0:
+ # https://github.com/netbox-community/netbox/issues/14458
+ (lib.versionOlder cfg.package.version "3.7.0")
+ "${pkg}/bin/netbox clearcache"}
echo "${cfg.package.version}" > "$versionFile"
'';