nixos/netbox: RFC42-style options
- allows specifying allowed hosts
- sets up a sane default for logging
This commit is contained in:
parent
2cb6dc90ac
commit
36a550c6f9
1 changed files with 112 additions and 37 deletions
|
@ -4,44 +4,16 @@ with lib;
|
||||||
|
|
||||||
let
|
let
|
||||||
cfg = config.services.netbox;
|
cfg = config.services.netbox;
|
||||||
|
pythonFmt = pkgs.formats.pythonVars {};
|
||||||
staticDir = cfg.dataDir + "/static";
|
staticDir = cfg.dataDir + "/static";
|
||||||
configFile = pkgs.writeTextFile {
|
|
||||||
name = "configuration.py";
|
|
||||||
text = ''
|
|
||||||
STATIC_ROOT = '${staticDir}'
|
|
||||||
MEDIA_ROOT = '${cfg.dataDir}/media'
|
|
||||||
REPORTS_ROOT = '${cfg.dataDir}/reports'
|
|
||||||
SCRIPTS_ROOT = '${cfg.dataDir}/scripts'
|
|
||||||
|
|
||||||
ALLOWED_HOSTS = ['*']
|
settingsFile = pythonFmt.generate "netbox-settings.py" cfg.settings;
|
||||||
DATABASE = {
|
extraConfigFile = pkgs.writeTextFile {
|
||||||
'NAME': 'netbox',
|
name = "netbox-extraConfig.py";
|
||||||
'USER': 'netbox',
|
text = cfg.extraConfig;
|
||||||
'HOST': '/run/postgresql',
|
|
||||||
}
|
|
||||||
|
|
||||||
# Redis database settings. Redis is used for caching and for queuing background tasks such as webhook events. A separate
|
|
||||||
# configuration exists for each. Full connection details are required in both sections, and it is strongly recommended
|
|
||||||
# to use two separate database IDs.
|
|
||||||
REDIS = {
|
|
||||||
'tasks': {
|
|
||||||
'URL': 'unix://${config.services.redis.servers.netbox.unixSocket}?db=0',
|
|
||||||
'SSL': False,
|
|
||||||
},
|
|
||||||
'caching': {
|
|
||||||
'URL': 'unix://${config.services.redis.servers.netbox.unixSocket}?db=1',
|
|
||||||
'SSL': False,
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
with open("${cfg.secretKeyFile}", "r") as file:
|
|
||||||
SECRET_KEY = file.readline()
|
|
||||||
|
|
||||||
${optionalString cfg.enableLdap "REMOTE_AUTH_BACKEND = 'netbox.authentication.LDAPBackend'"}
|
|
||||||
|
|
||||||
${cfg.extraConfig}
|
|
||||||
'';
|
|
||||||
};
|
};
|
||||||
|
configFile = pkgs.concatText "configuration.py" [ settingsFile extraConfigFile ];
|
||||||
|
|
||||||
pkg = (pkgs.netbox.overrideAttrs (old: {
|
pkg = (pkgs.netbox.overrideAttrs (old: {
|
||||||
installPhase = old.installPhase + ''
|
installPhase = old.installPhase + ''
|
||||||
ln -s ${configFile} $out/opt/netbox/netbox/netbox/configuration.py
|
ln -s ${configFile} $out/opt/netbox/netbox/netbox/configuration.py
|
||||||
|
@ -70,6 +42,30 @@ in {
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
|
|
||||||
|
settings = lib.mkOption {
|
||||||
|
description = lib.mdDoc ''
|
||||||
|
Configuration options to set in `configuration.py`.
|
||||||
|
See the [documentation](https://docs.netbox.dev/en/stable/configuration/) for more possible options.
|
||||||
|
'';
|
||||||
|
|
||||||
|
default = { };
|
||||||
|
|
||||||
|
type = lib.types.submodule {
|
||||||
|
freeformType = pythonFmt.type;
|
||||||
|
|
||||||
|
options = {
|
||||||
|
ALLOWED_HOSTS = lib.mkOption {
|
||||||
|
type = with lib.types; listOf str;
|
||||||
|
default = ["*"];
|
||||||
|
description = lib.mdDoc ''
|
||||||
|
A list of valid fully-qualified domain names (FQDNs) and/or IP
|
||||||
|
addresses that can be used to reach the NetBox service.
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
};
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
listenAddress = mkOption {
|
listenAddress = mkOption {
|
||||||
type = types.str;
|
type = types.str;
|
||||||
default = "[::1]";
|
default = "[::1]";
|
||||||
|
@ -117,7 +113,7 @@ in {
|
||||||
default = "";
|
default = "";
|
||||||
description = lib.mdDoc ''
|
description = lib.mdDoc ''
|
||||||
Additional lines of configuration appended to the `configuration.py`.
|
Additional lines of configuration appended to the `configuration.py`.
|
||||||
See the [documentation](https://netbox.readthedocs.io/en/stable/configuration/optional-settings/) for more possible options.
|
See the [documentation](https://docs.netbox.dev/en/stable/configuration/) for more possible options.
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
|
|
||||||
|
@ -138,11 +134,90 @@ in {
|
||||||
Path to the Configuration-File for LDAP-Authentication, will be loaded as `ldap_config.py`.
|
Path to the Configuration-File for LDAP-Authentication, will be loaded as `ldap_config.py`.
|
||||||
See the [documentation](https://netbox.readthedocs.io/en/stable/installation/6-ldap/#configuration) for possible options.
|
See the [documentation](https://netbox.readthedocs.io/en/stable/installation/6-ldap/#configuration) for possible options.
|
||||||
'';
|
'';
|
||||||
|
example = ''
|
||||||
|
import ldap
|
||||||
|
from django_auth_ldap.config import LDAPSearch, PosixGroupType
|
||||||
|
|
||||||
|
AUTH_LDAP_SERVER_URI = "ldaps://ldap.example.com/"
|
||||||
|
|
||||||
|
AUTH_LDAP_USER_SEARCH = LDAPSearch(
|
||||||
|
"ou=accounts,ou=posix,dc=example,dc=com",
|
||||||
|
ldap.SCOPE_SUBTREE,
|
||||||
|
"(uid=%(user)s)",
|
||||||
|
)
|
||||||
|
|
||||||
|
AUTH_LDAP_GROUP_SEARCH = LDAPSearch(
|
||||||
|
"ou=groups,ou=posix,dc=example,dc=com",
|
||||||
|
ldap.SCOPE_SUBTREE,
|
||||||
|
"(objectClass=posixGroup)",
|
||||||
|
)
|
||||||
|
AUTH_LDAP_GROUP_TYPE = PosixGroupType()
|
||||||
|
|
||||||
|
# Mirror LDAP group assignments.
|
||||||
|
AUTH_LDAP_MIRROR_GROUPS = True
|
||||||
|
|
||||||
|
# For more granular permissions, we can map LDAP groups to Django groups.
|
||||||
|
AUTH_LDAP_FIND_GROUP_PERMS = True
|
||||||
|
'';
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
config = mkIf cfg.enable {
|
config = mkIf cfg.enable {
|
||||||
services.netbox.plugins = mkIf cfg.enableLdap (ps: [ ps.django-auth-ldap ]);
|
services.netbox = {
|
||||||
|
plugins = mkIf cfg.enableLdap (ps: [ ps.django-auth-ldap ]);
|
||||||
|
settings = {
|
||||||
|
STATIC_ROOT = staticDir;
|
||||||
|
MEDIA_ROOT = "${cfg.dataDir}/media";
|
||||||
|
REPORTS_ROOT = "${cfg.dataDir}/reports";
|
||||||
|
SCRIPTS_ROOT = "${cfg.dataDir}/scripts";
|
||||||
|
|
||||||
|
DATABASE = {
|
||||||
|
NAME = "netbox";
|
||||||
|
USER = "netbox";
|
||||||
|
HOST = "/run/postgresql";
|
||||||
|
};
|
||||||
|
|
||||||
|
# Redis database settings. Redis is used for caching and for queuing
|
||||||
|
# background tasks such as webhook events. A separate configuration
|
||||||
|
# exists for each. Full connection details are required in both
|
||||||
|
# sections, and it is strongly recommended to use two separate database
|
||||||
|
# IDs.
|
||||||
|
REDIS = {
|
||||||
|
tasks = {
|
||||||
|
URL = "unix://${config.services.redis.servers.netbox.unixSocket}?db=0";
|
||||||
|
SSL = false;
|
||||||
|
};
|
||||||
|
caching = {
|
||||||
|
URL = "unix://${config.services.redis.servers.netbox.unixSocket}?db=1";
|
||||||
|
SSL = false;
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
|
REMOTE_AUTH_BACKEND = lib.mkIf cfg.enableLdap "netbox.authentication.LDAPBackend";
|
||||||
|
|
||||||
|
LOGGING = lib.mkDefault {
|
||||||
|
version = 1;
|
||||||
|
|
||||||
|
formatters.precise.format = "[%(levelname)s@%(name)s] %(message)s";
|
||||||
|
|
||||||
|
handlers.console = {
|
||||||
|
class = "logging.StreamHandler";
|
||||||
|
formatter = "precise";
|
||||||
|
};
|
||||||
|
|
||||||
|
# log to console/systemd instead of file
|
||||||
|
root = {
|
||||||
|
level = "INFO";
|
||||||
|
handlers = [ "console" ];
|
||||||
|
};
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
|
extraConfig = ''
|
||||||
|
with open("${cfg.secretKeyFile}", "r") as file:
|
||||||
|
SECRET_KEY = file.readline()
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
|
||||||
services.redis.servers.netbox.enable = true;
|
services.redis.servers.netbox.enable = true;
|
||||||
|
|
||||||
|
|
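Review bot: The new `ALLOWED_HOSTS` option in the second hunk keeps `["*"]` as its default, which leaves Django's Host header validation disabled for every deployment that does not override it, while the option description reads as if the list were always a restrictive allow-list. Since the point of the commit is to make this configurable, the description should state the default's effect explicitly, e.g. append `The default of "*" accepts any Host header; set this to the hostnames NetBox is actually reached through.` to the existing text. It may also be worth a module `warnings` entry when the wildcard default is in effect so that operators notice it at evaluation time, though that is a maintainer policy choice. The `settings` submodule continues outside this hunk, so the remaining options were not reviewed here.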