blob: 3f07bf55d16f902041cbce206975acb86bd46304 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
|
{ config, pkgs, ... }:
let
ports = import ../ports.nix;
in {
services.nginx.virtualHosts."netbox.emile.space" = {
forceSSL = true;
enableACME = true;
kTLS = true;
locations."/" = {
proxyPass = "http://[::1]:${toString config.services.netbox.port}";
proxyWebsockets = true;
};
locations."/static/".root = "${config.services.netbox.dataDir}";
};
users.users.nginx.extraGroups = [ "netbox" ];
environment.systemPackages = with pkgs; [ netbox ];
services.netbox = {
enable = true;
package = pkgs.netbox_3_6; # nixos 23.11 now has netbox 3.6
dataDir = "/var/lib/netbox";
settings.ALLOWED_HOSTS = [ "*" ];
enableLdap = false;
settings = {};
secretKeyFile = config.age.secrets.netbox_secret.path;
port = ports.netbox;
listenAddress = "[::1]";
};
age.secrets.netbox_secret = {
mode = "440";
owner = "netbox";
group = "netbox";
};
#services.netbox = {
# enable = true;
# listenAddress = "[::1]";
# secretKeyFile = config.age.secrets.netbox_secret.path;
# package = pkgs.netbox.override { python3 = pkgs.python310; };
# # extraConfig = ''
# # # REMOTE_AUTH_BACKEND = 'social_core.backends.open_id_connect.OpenIdConnectAuth'
# # # SOCIAL_AUTH_OIDC_OIDC_ENDPOINT = 'https://auth.c3voc.de'
# # EXEMPT_VIEW_PERMISSIONS = ['*']
# # '';
#};
# add nginx to the netbox group so it can read /var/lib/nginx/static
# users = {
# groups."netbox" = {};
# users = {
# netbox = {
# isNormalUser = true;
# group = "netbox";
# };
# };
# };
# users.users.nginx.extraGroups = [ "netbox" ];
}
|
