feat(web01): Netbox
parent
74baeed754
commit
f778fb131f
11 changed files with 98 additions and 108 deletions
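--- a/external/netbox/secrets/default.nix
+++ b/external/netbox/secrets/default.nix
@@ -1,10 +0,0 @@
-_: {
-age.secrets = {
-"netbox" = {
-file = ./netbox.age;
-group = "netbox";
-owner = "netbox";
-};
-"netbox_env".file = ./netbox_env.age;
-};
-}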
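--- a/external/netbox/secrets/maurice.keys
+++ b/external/netbox/secrets/maurice.keys
@@ -1,3 +0,0 @@
-ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAFZvpOfsBhbz9IvBj4akFr48VIuIrzSTP/6xUC0fyyF
-ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEpwF+XD3HgX64kqD42pcEZRNYAWoO4YNiOm5KO4tH6o maurice@polaris
-ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMtlR7TN69GgD5q0b+/DXC2aOKiNN8TiempaEZkfngut maurice@sirius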
32
external/netbox/secrets/netbox.age
vendored
32
external/netbox/secrets/netbox.age
vendored
|
@ -1,32 +0,0 @@
|
|||
age-encryption.org/v1
|
||||
-> ssh-ed25519 6J6ApA Rw8khLEeN2Vc0ogKS37PVt8RtkX/AUIPvrEl1Y4o33s
|
||||
WfbB+OJWjer4p4c5WJ5/wWGTfzaP+ioSVICaWeN7v8Y
|
||||
-> ssh-ed25519 JGx7Ng XPQNnVJUQnW4m6VRD5IvQLkI7M6ePLnh7I6qVmXkZUI
|
||||
iDE+Po4QpuesYyyLOx5jGurDBK4PVSqCyjTiLO8tIE4
|
||||
-> ssh-ed25519 Ih+Lhw opXAdU106hSmF4j9w9QVs1PTtGFYqODit/Jzqnnm9hc
|
||||
oHW0aA3rR4ix+mp/XpH7ufKC6CDVgwojRAli0Rt0umY
|
||||
-> ssh-ed25519 jIXfPA UpS2FGuwL08jjS7VtMlWuIKHzpVLDIHLCeDBUyzYaDk
|
||||
ekm1yEUuoxEsOhtmp0SvBeTCNEXfTlgCaS6i4OsyNkI
|
||||
-> ssh-ed25519 QlRB9Q sJNeXiglN1YONRXpAknOkG7BCHTVq0eLVX/ulr/zuy8
|
||||
kZY5j2ilKr1eAxAB4eo8ku/068L8K9MGfywyQiwcGHk
|
||||
-> ssh-ed25519 r+nK/Q 1AonFSikttoFe4bqaULTcTPWQxwig3VBmkEBSVqAwXg
|
||||
Y2CZAeaKG+z0Qc2wjkdJC+/TvEe4ZXwwmwg34mF1drI
|
||||
-> ssh-rsa krWCLQ
|
||||
YA2SfssUpCkBkQ7eSQw7w9bCou04rvvSItcfYA4md41txuJ9pCKuEdAbPtBbxCBU
|
||||
UqPyUCor7abyVgsIqmYR5zSCLw5yfZqynwilLC5wx7DMYGWEs0OW1jBEP0Nj6ISD
|
||||
2zWLilvfiq1LPV1eKWlPUFb+STCha24LybDgNlo4O4a4AttQ5g7YgeFy3EAK4aN5
|
||||
/NTLn3Yn40WUB9XfiesL9OFiGVF2nPujyCYXBxGOL425cevVkpFpQTOrThKC3RzH
|
||||
vvkUCpdP8vOd8uEsy5qHxGrJGUwc4clrbLKBg4BZ9jbAPTpFj533aF71/qiJuwMH
|
||||
mhOZQzDTO3KWHSAM750HAA
|
||||
-> ssh-ed25519 /vwQcQ L6Tpwg8hsUigry1IL2EbCjh+zR3AmZ8V6bPF8MgFcVs
|
||||
iy2o3Ci9CmmZ4YwEvIHOOXXJT+UXNQU45faL+ulPFGk
|
||||
-> ssh-ed25519 0R97PA 0Pjmquwj5A7UkMl1aUYz8AEdGiDA9B402l9B47isXwg
|
||||
VM1wJWw6I7rDQkRiut2MMugRrYANgBFFAnoMhgPyBvI
|
||||
-> ssh-ed25519 JGx7Ng gRZY4yXgZiftpgadbg+X9k9qF0wmSDywrk5N2Z1P4DU
|
||||
el60vd0Kq5Gx0Qm+k9AQNeWvVUUobI4KjMoHkmLzPaM
|
||||
-> ')tE-grease
|
||||
7uJeStX+hLwArPoxtFWKhHI/p1uDPpJ2IhdEc0uNhEIbcVfthSkbQCbT7cLwHlKL
|
||||
LT0tC0FcYsoS/VMu+A
|
||||
--- PglFR+GxbWtTM1/wHZOz1kF7VaSjgBhJopb01kJQKCk
|
||||
8á}lh—ž-*uè`¼Àõ-Xºñ
|
||||
Î^<5E>Æ<EFBFBD>pýlrÐDy¨}|¾’…Úq8Dd‡·Ü›ë²,<2C>l=¢aV<61>8¦y˜tJ0»ä)'eJ·;ÁÉ
|
31
external/netbox/secrets/netbox_env.age
vendored
31
external/netbox/secrets/netbox_env.age
vendored
|
@ -1,31 +0,0 @@
|
|||
age-encryption.org/v1
|
||||
-> ssh-ed25519 6J6ApA uOgCmOqPlLdETLFaMMPKIjbp6d41T0gtX0X0hGJDElA
|
||||
cBHPVEsfBpEEzHN7ryG7TF7VYt4ft0tO20UOfM1+J5E
|
||||
-> ssh-ed25519 JGx7Ng IEeY5TQO0glsTZSsrPS9TlMnz5f1okeWlut640ahAio
|
||||
AYVWLcPETYKJAYxlUpFpQcPSsIffDIX9+9seqONrCFc
|
||||
-> ssh-ed25519 Ih+Lhw UDpkkIBQKwPMKlby2KdPOauvW9fZdVzvpLy6PB55aCI
|
||||
YvuwrcEHiPVdg7qIzR+y86mSQSbMezbfXvWa8krucP0
|
||||
-> ssh-ed25519 jIXfPA j7tG5njdpep2XrlFieR/DxhDdzAixDG++erR3KC6fQI
|
||||
h4BM2WgwJ0CZG5/XM50V086YF4UGJcmBiOmxsIyf190
|
||||
-> ssh-ed25519 QlRB9Q vfE9b1Yo8zr+eUPGrWfl2T3rIlD2j0QweDXSI7wu1TU
|
||||
Uupo2QK0dbjE9UEt6A/6nxQViW1LvqhDU5lX+hOYX2o
|
||||
-> ssh-ed25519 r+nK/Q zj475ZsZBzPjfOzqyyylvpG0J00ZiE8NWL+rvhURRWk
|
||||
ZSpCLcgfm3X2+KIllRVUVZamn3JZrlUOR/Nahk5sBUA
|
||||
-> ssh-rsa krWCLQ
|
||||
Uij+BTfVAjkGIKQ3qSL+E5YGJfZ6nMB/Kw3IWwZD1QGih6CO3+oooGR1DOqAJv0O
|
||||
o2H9v3AbAr0qnaYjK0Gjw/2+6uSu5SDt75p1ocMvLu8gwM1Br+T/7uSuIw7wLgPz
|
||||
IinUGDPTFhjR7X7x16IxgXWGMowCa6K/285ztY8v0v9s22uNrrjNEGEiJ/qn41DX
|
||||
8hpOmRpxiq5xOG1fsWQYsSW+ZmobBWfJJXzM0iknQL+GniRZd/ySjWr84HcMjDns
|
||||
8CcTgeo6gVstQITekvMS3jkixmszJhFJR8WMS9b/bunDIGrxj3cUEObRAzlU48Jd
|
||||
dAzOQ+kjzqMwnXbNexq54w
|
||||
-> ssh-ed25519 /vwQcQ kYZUqgKfoKSAaaJal1bl521wUkrZXR/12+U9Fuff4m8
|
||||
4foVQpY3UGsUz1jQFQF+5Es3ui0+QsRVRFgxEmmcws4
|
||||
-> ssh-ed25519 0R97PA rW9FfcNNRzvCF7p8KOLjJnKZN0dOdJ1nANzaA1vEzw0
|
||||
yd1gOIEucTCXsciTtB3VPjdlJvrqv/SKuQwtNKVhGs0
|
||||
-> ssh-ed25519 JGx7Ng KdsKUOQ+6VcZyxT63RoPpJyK8qg1xkVz8NuPDJUauQs
|
||||
MSwBdYg/wGrvylPoIy+UVjiIyVfqbyuliIEVuk+B7cQ
|
||||
-> Ko+-grease
|
||||
xF0g4xMUtgeLzmHbpdZM/cKiQ1yXVpcgLXhpd4czuP4Mv0YDZPnE5//nFsh2N9M2
|
||||
ugEnZvPls1cMoKMh6DoM
|
||||
--- VzbmV+CoC0fLoX3FKJqQqbde/H5E77JhGDcedYKbk+g
|
||||
„ï+m|L™å¬åŽ<C3A5>¬.·H£±2”®_©R~uév]¢OmR`ÿ&é˜d-Á¨äHñ8“ˆOð s,ÒpRéeÓš¿ö ®Åh¹t¤Kx=Y¼ÖêÒ×è·Ìdâ`±FADñŒLÐqJo Ÿ›”¶Ð¯>ž:9`9|3cëÆ…’™<îGð$É)}©€?;-$öb•º<16>!Éþ.÷¦†—³{¶Cï¡´0¿ )äk&¹úr<šöâf¥³
|
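--- a/external/netbox/secrets/secrets.nix
+++ b/external/netbox/secrets/secrets.nix
@@ -1,20 +0,0 @@
-let
-sources = import ../../../npins;
-
-inherit ((import sources.nixpkgs { })) lib;
-nix-lib = import ../../../lib { };
-
-inherit ((import ../../../meta).members) groups;
-
-publicKeys =
-lib.splitString "\n" (builtins.readFile (./maurice.keys)) # maurice servers' keys
-++ nix-lib.getAllKeys (groups.netbox ++ groups.root);
-in
-{
-"netbox.age" = {
-inherit publicKeys;
-};
-"netbox_env.age" = {
-inherit publicKeys;
-};
-}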
|
@ -20,6 +20,7 @@ lib.extra.mkConfig {
|
|||
"static"
|
||||
"wordpress"
|
||||
"dolibarr"
|
||||
"netbox"
|
||||
];
|
||||
|
||||
extraConfig = {
|
||||
|
|
|
@ -1,20 +1,21 @@
|
|||
{ config, pkgs, ... }:
|
||||
{ config, pkgs, sources, lib, ... }:
|
||||
{
|
||||
imports = [ ./secrets ];
|
||||
|
||||
services = {
|
||||
netbox = {
|
||||
enable = true;
|
||||
secretKeyFile = config.age.secrets."netbox".path;
|
||||
package = (import sources.nixos-unstable {}).pkgs.netbox_3_7;
|
||||
secretKeyFile = "/dev/null";
|
||||
listenAddress = "127.0.0.1";
|
||||
settings = {
|
||||
ALLOWED_HOSTS = [ "netbox.dgnum.sinavir.fr" ];
|
||||
ALLOWED_HOSTS = [ "netbox.dgnum.eu" ];
|
||||
REMOTE_AUTH_BACKEND = "social_core.backends.open_id_connect.OpenIdConnectAuth";
|
||||
};
|
||||
|
||||
extraConfig = ''
|
||||
extraConfig = lib.mkForce ''
|
||||
from os import environ as env
|
||||
|
||||
SECRET_KEY = env["SECRET_KEY"]
|
||||
|
||||
SOCIAL_AUTH_OIDC_OIDC_ENDPOINT = env["NETBOX_OIDC_URL"]
|
||||
SOCIAL_AUTH_OIDC_KEY = env["NETBOX_OIDC_KEY"]
|
||||
SOCIAL_AUTH_OIDC_SECRET = env["NETBOX_OIDC_SECRET"]
|
||||
|
@ -23,7 +24,7 @@
|
|||
|
||||
nginx = {
|
||||
enable = true;
|
||||
virtualHosts."netbox.dgnum.sinavir.fr" = {
|
||||
virtualHosts."netbox.dgnum.eu" = {
|
||||
enableACME = true;
|
||||
forceSSL = true;
|
||||
|
||||
|
@ -31,18 +32,18 @@
|
|||
locations."/static/".alias = "${config.services.netbox.dataDir}/static/";
|
||||
};
|
||||
};
|
||||
|
||||
postgresql.package = pkgs.postgresql_14;
|
||||
};
|
||||
|
||||
# my server is slow sorry
|
||||
systemd.services.netbox.serviceConfig = {
|
||||
TimeoutStartSec = 600;
|
||||
EnvironmentFile = config.age.secrets."netbox_env".path;
|
||||
EnvironmentFile = config.age.secrets.netbox_env.path;
|
||||
};
|
||||
|
||||
systemd.services.netbox-housekeeping.serviceConfig = {
|
||||
EnvironmentFile = config.age.secrets."netbox_env".path;
|
||||
EnvironmentFile = config.age.secrets.netbox_env.path;
|
||||
};
|
||||
systemd.services.netbox-rq.serviceConfig = {
|
||||
EnvironmentFile = config.age.secrets.netbox_env.path;
|
||||
};
|
||||
|
||||
users.users.nginx.extraGroups = [ "netbox" ];
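Review bot: In the first hunk, `secretKeyFile = "/dev/null";` with `SECRET_KEY = env["SECRET_KEY"]` moves the Django secret key from a file owned by `netbox` into the service environment, where child processes inherit it and it sits alongside the OIDC values in one file; the sides are inferred from the hunk counts because this rendering lost the `+`/`-` markers. `extraConfig = lib.mkForce ''` also replaces anything the NixOS module itself contributes to `extraConfig`, so later module defaults would be dropped without notice. I would keep the key file-based, `secretKeyFile = config.age.secrets."<secret-name>".path;` (placeholder name), and drop both `lib.mkForce` and the `SECRET_KEY` line. If the environment route stays, put `# placeholder: SECRET_KEY is read from EnvironmentFile in extraConfig` above the `/dev/null` line, and check that nothing loads this configuration outside the three units given `EnvironmentFile`, since `env["SECRET_KEY"]` raises when the variable is missing.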
|
30
machines/web01/secrets/netbox_env
Normal file
30
machines/web01/secrets/netbox_env
Normal file
|
@ -0,0 +1,30 @@
|
|||
age-encryption.org/v1
|
||||
-> ssh-ed25519 jIXfPA K4nQGkOuyKhZ5MQABKf5rqwmx27l9FO4U/RRE2oWv20
|
||||
X46HUllM5Vux3Xfk9bOuG3kLGKi7QrJfFDindJk1EnY
|
||||
-> ssh-ed25519 QlRB9Q b/j/g4cIT/1ZRj4q+ySzpumo6bzusP8/cWST6FlCo2w
|
||||
odNGXC9xVABjeuK60JCX2vZ9WDz2wIfIxfH/u89oPb0
|
||||
-> ssh-ed25519 r+nK/Q 93qftDQL3lrmBsoEf8Ii8W3GOYXRe7i1sxBnnB4QfQc
|
||||
nN9ydmZljxtSjfMSCaOqAZ9yJDZ7NszgFfxIO1AbruM
|
||||
-> ssh-rsa krWCLQ
|
||||
m539hM0zvYYZB4gX64dOvbTujaqPVvbwTw/y+ySIiOyBjplZAXH16m9//d7f0uDz
|
||||
Skh5OntPj1GorVoNEk+Eo+bLPfIAYkJrpjCWLd6FZgNkbHZ7STKCFTcUyg7lz2+r
|
||||
yc8fFwky9VgtYLFd96EBZV02y2R3z+euP+5Tysdq+yaM/DdOR3bTjRVdlpg7kzCo
|
||||
eGO25jvj/Mk3m2BJlUl2cOTQAo9e47q7StQhY7xgxG9g2xewhBpwdDbGu9NdrHDu
|
||||
aDMXBqWrPz1yVx3TAYi+VwUboL9gYY6oFp2XYZnhbxzQuy6Uf2sw34l+E/1QOjBj
|
||||
aPSTAn62r/bseYmSs9EEvQ
|
||||
-> ssh-ed25519 /vwQcQ tHXhAZFLaPkl1+wrbCaVcpytQqVOQ1fUEVFCpuNMMjA
|
||||
wgWF8GB79+1LVsNC1Id7kThjMrj3i98OjbT8rL9TO2A
|
||||
-> ssh-ed25519 0R97PA F5Q1k+4SKxc5mLSNh/djSzfFPXuG0ritZtpdI0RalGE
|
||||
RT0E4/Z75+sgUFtuJjuSa6q49/BWpvCikr83OIbTSOw
|
||||
-> ssh-ed25519 JGx7Ng me7czRBgNgb0I/JLnH2dh6h2Opxn/vy3FcxiaHsBPAo
|
||||
TfcvYvUgjL/IQLT0iMjVzyMbkUvfXL6yc28V1OKwitU
|
||||
-> ssh-ed25519 5SY7Kg VWQPzMOckhC6rW5rqN7rOdUlpzaZD1wzY0Z7Enp1sFU
|
||||
KkIJuPdZFc1EPqr8h696ixWhhXuCAr4CTsCvkxOyQPI
|
||||
-> ssh-ed25519 p/Mg4Q Cp0oC+3C/EguAAG9OJPUAS1lqFpKchrYFpEm16WDvhI
|
||||
MBytJhf9lKtlIuYFb0dFu1/oyoleJtIub8kDEm6D2fo
|
||||
-> ssh-ed25519 0IVRbA ycBqVdH0EqRNZmZ/8aw67PuFI5Gyf6PWwWHTsjH9TXU
|
||||
YmPbatp5q43yA0T/AFXnrYcJS3z/ECDxnkYg3/FVacQ
|
||||
--- neVy86qk1IY/DUoofRpOXfK3bwXitHIZYMzs4teIzYI
|
||||
È@ñÄâ"½ëN<$µ:ÃÒ Jê¾éb¤€rƒ¢â^xO0=gÐQš€éû¼;Ú@Æ[Ñ|.
|
||||
|ˆ<>7CÓû¥«RÜ«†’ýäIVè5þ§ƒ~m¿ÉzÉ
‹á]|à<>£ÈÛérΣÊ` »“É`?ÄÖpk±n”þRzS<7A>Ÿ Á)ߣYÇ6ÅgmWm˜D÷Õ|2-t¡„ÿB<>isלÚ×Fµò¨ësrb÷ux`ìmIFäîÉÔ…Ðkñ 9{Z\‚4œe»ýð;â‚s
|
||||
uø•Ԟ,üÕU]êÆgo—`@ø㶙!‰*ó*¾@̉ÁìpM´æ´Q
|
|
@ -7,6 +7,7 @@ lib.setDefault { inherit publicKeys; } [
|
|||
"bupstash-put_key"
|
||||
"matterbridge-config_file"
|
||||
"named-bind_dnskeys_conf"
|
||||
"netbox_env"
|
||||
"ntfy_sh-environment_file"
|
||||
"plausible_admin-user-password-file"
|
||||
"plausible_secret-key-base-file"
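Review bot: Adding `"netbox_env"` to this list encrypts the file for a different recipient set than the deleted `external/netbox/secrets/netbox_env.age`: recipient stanzas `6J6ApA` and `Ih+Lhw` appear only in the removed files, and `maurice.keys` is deleted in the same commit. The old blobs stay in git history, so if the new file reuses the same OIDC client secret or `SECRET_KEY`, holders of the dropped keys can still decrypt those values; the page does not show whether they were rotated. I would rotate both values as part of this change and record it next to the entry, for example `# values rotated when moved from external/netbox`. The list starts and ends outside the hunk.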
|
||||
|
|
|
@ -1,5 +1,8 @@
|
|||
{
|
||||
"nixos-23.11" = [
|
||||
{ _type = "static";
|
||||
path = ./netbox.patch;
|
||||
}
|
||||
# castopod: 1.6.4 -> 1.7.0 + ajout du support de loadcredentials
|
||||
{
|
||||
_type = "static";
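Review bot: The new first entry under `"nixos-23.11"` (`path = ./netbox.patch;`) has no comment, unlike the castopod entry below it, so this file does not say what the patch changes, where it came from, or when it can be dropped. For a patch applied to the package set that builds the host, I would add a line above it such as `# netbox: 3.6.9 -> 3.7.1 (nixpkgs commit 163fed297ed6), drop once the pinned channel includes it`, taking the subject and hash from the patch header. The entry would also read better formatted like the castopod one, with `{` on its own line. The list continues past the end of the hunk.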
|
||||
|
|
50
patches/netbox.patch
Normal file
50
patches/netbox.patch
Normal file
|
@ -0,0 +1,50 @@
|
|||
From 163fed297ed65a24241f190d8e954ce1877f9020 Mon Sep 17 00:00:00 2001
|
||||
From: Minijackson <minijackson@riseup.net>
|
||||
Date: Mon, 22 Jan 2024 16:17:57 +0100
|
||||
Subject: [PATCH] netbox: 3.6.9 -> 3.7.1
|
||||
|
||||
Or another way to see it:
|
||||
|
||||
netbox_3_7: init at 3.7.1
|
||||
|
||||
Make NetBox 3.7 the default version if stateVersion >= 24.05,
|
||||
switch upgrade test to test upgrade from 3.6 to 3.7,
|
||||
remove clearcache command for >=3.7.0,
|
||||
make reindex command mandatory
|
||||
---
|
||||
nixos/modules/services/web-apps/netbox.nix | 15 +++++++++------
|
||||
|
||||
diff --git a/nixos/modules/services/web-apps/netbox.nix b/nixos/modules/services/web-apps/netbox.nix
|
||||
index 72ec578146a764..b0921f461d2216 100644
|
||||
--- a/nixos/modules/services/web-apps/netbox.nix
|
||||
+++ b/nixos/modules/services/web-apps/netbox.nix
|
||||
@@ -75,7 +75,9 @@ in {
|
||||
package = lib.mkOption {
|
||||
type = lib.types.package;
|
||||
default =
|
||||
- if lib.versionAtLeast config.system.stateVersion "23.11"
|
||||
+ if lib.versionAtLeast config.system.stateVersion "24.05"
|
||||
+ then pkgs.netbox_3_7
|
||||
+ else if lib.versionAtLeast config.system.stateVersion "23.11"
|
||||
then pkgs.netbox_3_6
|
||||
else if lib.versionAtLeast config.system.stateVersion "23.05"
|
||||
then pkgs.netbox_3_5
|
||||
@@ -306,12 +308,13 @@ in {
|
||||
${pkg}/bin/netbox trace_paths --no-input
|
||||
${pkg}/bin/netbox collectstatic --no-input
|
||||
${pkg}/bin/netbox remove_stale_contenttypes --no-input
|
||||
- # TODO: remove the condition when we remove netbox_3_3
|
||||
- ${lib.optionalString
|
||||
- (lib.versionAtLeast cfg.package.version "3.5.0")
|
||||
- "${pkg}/bin/netbox reindex --lazy"}
|
||||
+ ${pkg}/bin/netbox reindex --lazy
|
||||
${pkg}/bin/netbox clearsessions
|
||||
- ${pkg}/bin/netbox clearcache
|
||||
+ ${lib.optionalString
|
||||
+ # The clearcache command was removed in 3.7.0:
|
||||
+ # https://github.com/netbox-community/netbox/issues/14458
|
||||
+ (lib.versionOlder cfg.package.version "3.7.0")
|
||||
+ "${pkg}/bin/netbox clearcache"}
|
||||
|
||||
echo "${cfg.package.version}" > "$versionFile"
|
||||
'';
|